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Preface 


Audience 

This  guide  is  for  the  networking  professional  using  the  Cisco  IOS  command-line  interface  (CLI)  to 
manage  theCisco  Gigabit  Ethernet  Switch  Module  (CGESM),  referred  to  as  the  switch.  Before  using  this 
guide,  you  should  have  experience  working  with  the  Cisco  IOS  commands  and  the  switch  software 
features.  Before  using  this  guide,  you  should  have  experience  working  with  the  concepts  and 
terminology  of  Ethernet  and  local  area  networking. 

Purpose 

This  guide  provides  the  information  that  you  need  about  the  Layer  2  commands  that  have  been  created 
or  changed  for  use  with  the  switch.  For  information  about  the  standard  Cisco  IOS  Release  12.2  commands, 
see  the  Cisco  IOS  documentation  set  available  from  the  Cisco.com  home  page  by  selecting  Technical 
Support  &  Documentation  >  Cisco  IOS  Software. 

This  guide  does  not  provide  procedures  for  configuring  your  switch.  For  detailed  configuration 
procedures,  see  the  software  configuration  guide  for  this  release. 

This  guide  does  not  describe  system  messages  you  might  encounter.  For  more  information,  see  the 
system  message  guide  for  this  release. 

For  documentation  updates,  see  the  release  notes  for  this  release. 

Conventions 

This  publication  uses  these  conventions  to  convey  instructions  and  information: 
Command  descriptions  use  these  conventions: 

•  Commands  and  keywords  are  in  boldface  text. 

•  Arguments  for  which  you  supply  values  are  in  italic. 

•  Square  brackets  ([  ])  means  optional  elements. 

•  Braces  ({ })  group  required  choices,  and  vertical  bars  (  I  )  separate  the  alternative  elements. 

•  Braces  and  vertical  bars  within  square  brackets  ([{  I  }])  mean  a  required  choice  within  an  optional 
element. 
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Interactive  examples  use  these  conventions: 

•  Terminal  sessions  and  system  displays  are  in  screen  font. 

•  Information  you  enter  is  in  boldface  screen  font. 

•  Nonprinting  characters,  such  as  passwords  or  tabs,  are  in  angle  brackets  (<  >). 
Notes,  cautions,  and  warnings  use  these  conventions  and  symbols: 

X   

Note      Means  reader  take  note.  Notes  contain  helpful  suggestions  or  references  to  materials  not  contained  in 
this  manual. 


A   

Caution      Means  reader  be  careful.  In  this  situation,  you  might  do  something  that  could  result  in  equipment 
damage  or  loss  of  data. 


Related  Publications 

These  documents  provide  complete  information  about  the  switch  and  are  available  from  this  Cisco.com 
site: 


Note      Before  installing,  configuring,  or  upgrading  the  switch,  see  these  documents: 

•  For  initial  configuration  information,  see  the  blade  switch  configuration  and  installation  instructions 
in  the  getting  started  guide  or  the  "Configuring  the  Switch  with  the  CLI-Based  Setup  Program" 
appendix  in  the  hardware  installation  guide. 

•  For  device  manager  requirements,  see  the  "System  Requirements"  section  in  the  release  notes  (not 
orderable  but  available  on  Cisco.com). 

•  For  Network  Assistant  requirements,  see  the  Getting  Started  with  Cisco  Network  Assistant  (not 
orderable  but  available  on  Cisco.com). 

•  For  cluster  requirements,  see  the  Release  Notes  for  Cisco  Network  Assistant  (not  orderable  but 
available  on  Cisco.com). 

•  For  upgrade  information,  see  the  "Downloading  Software"  section  in  the  release  notes. 


You  can  order  printed  copies  of  documents  with  a  DOC-xxxxxx=  number  from  the  Cisco.com  sites  and 
from  the  telephone  numbers  listed  in  the  "Obtaining  Documentation,  Obtaining  Support,  and  Security 
Guidelines"  section  on  page  xix. 

•  Cisco  Small  Form-Factor  Pluggable  Modules  Installation  Notes  (order  number  DOC-78 15 160=) 

•  These  compatibility  matrix  documents  are  available  from  this  Cisco.com  site: 

http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.ht 
ml 

-  Cisco  Gigabit  Ethernet  Transceiver  Modules  Compatibility  Matrix  (not  orderable  but  available 
on  Cisco.com) 

-  Cisco  Small  Form-Factor  Pluggable  Modules  Compatibility  Matrix  (not  orderable  but  available 
on  Cisco.com) 
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-   Compatibility  Matrix  for  1000BASE-T  Small  Form-Factor  Pluggable  Modules  (not  orderable 
but  available  on  Cisco.com) 

Obtaining  Documentation,  Obtaining  Support,  and  Security 
Guidelines 

For  information  on  obtaining  documentation,  obtaining  support,  providing  documentation  feedback, 
security  guidelines,  and  also  recommended  aliases  and  general  Cisco  documents,  see  the  monthly 
What's  New  in  Cisco  Product  Documentation,  which  also  lists  all  new  and  revised  Cisco  technical 
documentation,  at: 

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html 
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CHAPTER 


1 


Using  the  Command-Line  Interface 


The  switch  is  supported  by  Cisco  IOS  software.  This  chapter  describes  how  to  use  the  switch 
command-line  interface  (CLI)  to  configure  software  features. 

•  For  a  complete  description  of  the  commands  that  support  these  features,  see  Chapter  2,  "CGESM 
Switch  Cisco  IOS  Commands." 

•  For  information  on  the  bootloader  commands,  see  Appendix  A,  "CGESM  Switch  Bootloader 
Commands." 

•  For  information  on  the  debug  commands,  see  Appendix  B,  "CGESM  Switch  Debug  Commands." 

•  For  information  on  the  show  platform  commands,  see  Appendix  C,  "CGESM  Switch 
Show  Platform  Commands." 

•  For  more  information  on  Cisco  IOS  Release  12.2,  see  the  Cisco  IOS  Release  12.2  Command 
Summary. 

•  For  task-oriented  configuration  steps,  see  the  software  configuration  guide  for  this  release. 
In  this  document,  IP  refers  to  IP  version  4  (IPv4). 

CLI  Command  Modes 

This  section  describes  the  CLI  command  mode  structure.  Command  modes  support  specific  Cisco  IOS 
commands.  For  example,  the  interface  interface-id  command  only  works  when  entered  in  global 
configuration  mode. 

These  are  the  main  command  modes  for  the  switch: 

•  User  EXEC 

•  Privileged  EXEC 

•  Global  configuration 

•  Interface  configuration 

•  Config-vlan 

•  VLAN  configuration 

•  Line  configuration 
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H    CLI  Command  Modes 


Table  1-1  lists  the  main  command  modes,  how  to  access  each  mode,  the  prompt  you  see  in  that  mode, 
and  how  to  exit  that  mode.  The  prompts  listed  use  the  default  name  Switch. 


Table  1- 1     Command  Modes  Summary 


Command  Mode 

Access  Method 

Prompt 

Exit  or  Access  Next  Mode 

User  EXEC 

This  is  the  first  level  of  access. 

(For  the  switch)  Change  terminal 
settings,  perform  basic  tasks,  and 
list  system  information. 

Switch> 

Enter  the  logout  command. 

To  enter  privileged  EXEC  mode,  enter 
the  enable  command. 

Privileged  EXEC 

From  user  EXEC  mode,  enter  the 
enable  command. 

Switch* 

To  exit  to  user  EXEC  mode,  enter  the 
disable  command. 

To  enter  global  configuration  mode, 
enter  the  configure  command. 

Global 

configuration 

From  privileged  EXEC  mode, 
enter  the  configure  command. 

Switch ( conf ig) # 

To  exit  to  privileged  EXEC  mode, 
enter  the  exit  or  end  command,  or 
press  Ctrl-Z. 

To  enter  interface  configuration  mode, 
enter  the  interface  configuration 
command. 

Interface 
configuration 

From  global  configuration  mode, 
specify  an  interface  by  entering 
the  interface  command  followed 

Uy  all  UlLCIlaCC  lUCIlLlllCallUIl. 

Switch(conf ig-if ) # 

To  exit  to  privileged  EXEC  mode, 
enter  the  end  command,  or  press 
Ctrl-Z. 

To  exit  to  global  configuration  mode, 
enter  the  exit  command. 

Config-vlan 

In  global  configuration  mode, 
enter  the  vlan  vlan-id  command. 

Switch(conf ig-vlan) # 

To  exit  to  global  configuration  mode, 
enter  the  exit  command. 

To  return  to  privileged  EXEC  mode, 
enter  the  end  command,  or  press 
Ctrl-Z. 

VLAN 

configuration 

From  privileged  EXEC  mode, 
enter  the  vlan  database 
command. 

Switch (vlan) # 

To  exit  to  privileged  EXEC  mode, 
enter  the  exit  command. 

Line  configuration 

From  global  configuration  mode, 
specify  a  line  by  entering  the  line 
command. 

Switch(conf ig-line) # 

To  exit  to  global  configuration  mode, 
enter  the  exit  command. 

To  return  to  privileged  EXEC  mode, 
enter  the  end  command,  or  press 
Ctrl-Z. 
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User  EXEC  Mode 

After  you  access  the  device,  you  are  automatically  in  user  EXEC  command  mode.  The  EXEC  commands 
available  at  the  user  level  are  a  subset  of  those  available  at  the  privileged  level.  In  general,  use  the  user 
EXEC  commands  to  temporarily  change  terminal  settings,  perform  basic  tests,  and  list  system 
information. 

The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch>  ? 

Privileged  EXEC  Mode 

Because  many  of  the  privileged  commands  configure  operating  parameters,  privileged  access  should  be 
password-protected  to  prevent  unauthorized  use.  The  privileged  command  set  includes  those  commands 
contained  in  user  EXEC  mode,  as  well  as  the  configure  privileged  EXEC  command  through  which  you 
access  the  remaining  command  modes. 

If  your  system  administrator  has  set  a  password,  you  are  prompted  to  enter  it  before  being  granted  access 
to  privileged  EXEC  mode.  The  password  does  not  appear  on  the  screen  and  is  case  sensitive. 

The  privileged  EXEC  mode  prompt  is  the  device  name  followed  by  the  pound  sign  (#). 

Switch* 

Enter  the  enable  command  to  access  privileged  EXEC  mode: 

Switch>  enable 
Switch* 

The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch*  ? 

To  return  to  user  EXEC  mode,  enter  the  disable  privileged  EXEC  command. 

Global  Configuration  Mode 

Global  configuration  commands  apply  to  features  that  affect  the  device  as  a  whole.  Use  the  configure 
privileged  EXEC  command  to  enter  global  configuration  mode.  The  default  is  to  enter  commands  from 
the  management  console. 

When  you  enter  the  configure  command,  a  message  prompts  you  for  the  source  of  the  configuration 
commands: 

Switch*  configure 

Configuring  from  terminal,  memory,   or  network  [terminal]? 

You  can  specify  either  the  terminal  or  NVRAM  as  the  source  of  configuration  commands. 
This  example  shows  you  how  to  access  global  configuration  mode: 

Switch*  configure  terminal 

Enter  configuration  commands,   one  per  line.     End  with  CNTL/Z. 
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The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch (config) #  ? 

To  exit  global  configuration  command  mode  and  to  return  to  privileged  EXEC  mode,  enter  the  end  or 
exit  command,  or  press  Ctrl-Z. 

Interface  Configuration  Mode 

Interface  configuration  commands  modify  the  operation  of  the  interface.  Interface  configuration 
commands  always  follow  a  global  configuration  command,  which  defines  the  interface  type. 

Use  the  interface  interface-id  command  to  access  interface  configuration  mode.  The  new  prompt  means 
interface  configuration  mode. 

Switch(conf ig-if ) # 

The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch (conf ig-if )  #  ? 

To  exit  interface  configuration  mode  and  to  return  to  global  configuration  mode,  enter  the  exit  command. 
To  exit  interface  configuration  mode  and  to  return  to  privileged  EXEC  mode,  enter  the  end  command, 
or  press  Ctrl-Z. 

config-vlan  Mode 

Use  this  mode  to  configure  normal-range  VLANs  (VLAN  IDs  1  to  1005)  or,  when  VTP  mode  is 
transparent,  to  configure  extended-range  VLANs  (VLAN  IDs  1006  to  4094).  When  VTP  mode  is 
transparent,  the  VLAN  and  VTP  configuration  is  saved  in  the  running  configuration  file,  and  you  can 
save  it  to  the  switch  startup  configuration  file  by  using  the  copy  running-config  startup-config 
privileged  EXEC  command.  The  configurations  of  VLAN  IDs  1  to  1005  are  saved  in  the  VLAN  database 
if  VTP  is  in  transparent  or  server  mode.  The  extended-range  VLAN  configurations  are  not  saved  in  the 
VLAN  database. 

Enter  the  vlan  vlan-id  global  configuration  command  to  access  config-vlan  mode: 

Switch (conf ig) #  vlan  2000 

Switch ( config-vlan) # 

The  supported  keywords  can  vary  but  are  similar  to  the  commands  available  in  VLAN  configuration 
mode.  To  display  a  comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch (conf ig-vlan) #  ? 

For  extended-range  VLANs,  all  characteristics  except  the  MTU  size  must  remain  at  the  default  setting. 

To  return  to  global  configuration  mode,  enter  exit;  to  return  to  privileged  EXEC  mode,  enter  end.  All 
the  commands  except  shutdown  take  effect  when  you  exit  config-vlan  mode. 
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VLAN  Configuration  Mode 

You  can  use  the  VLAN  configuration  commands  to  create  or  modify  VLAN  parameters  for  VLAN  IDs 
1  to  1005. 

Enter  the  vlan  database  privileged  EXEC  command  to  access  VLAN  configuration  mode: 

Switch*  vlan  database 

Switch (vlan) # 

The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch (vlan) #  ? 

To  return  to  privileged  EXEC  mode,  enter  the  abort  VLAN  configuration  command  to  abandon  the 
proposed  database.  Otherwise,  enter  exit  to  implement  the  proposed  new  VLAN  database  and  to  return 
to  privileged  EXEC  mode.  When  you  enter  exit  or  apply,  the  configuration  is  saved  in  the  VLAN 
database;  configuration  from  VLAN  configuration  mode  cannot  be  saved  in  the  switch  configuration  file. 

Line  Configuration  Mode 

Line  configuration  commands  modify  the  operation  of  a  terminal  line.  Line  configuration  commands 
always  follow  a  line  command,  which  defines  a  line  number.  Use  these  commands  to  change  terminal 
parameter  settings  line-by-line  or  for  a  range  of  lines. 

Use  the  line  vty  line_number  [ending_line_number]  command  to  enter  line  configuration  mode.  The 
new  prompt  means  line  configuration  mode.  The  following  example  shows  how  to  enter  line 
configuration  mode  for  virtual  terminal  line  7: 

Switch (config) #  line  vty  0  7 

The  supported  commands  can  vary  depending  on  the  version  of  software  in  use.  To  display  a 
comprehensive  list  of  commands,  enter  a  question  mark  (?)  at  the  prompt. 

Switch (conf ig-line) #  ? 

To  exit  line  configuration  mode  and  to  return  to  global  configuration  mode,  use  the  exit  command.  To 
exit  line  configuration  mode  and  to  return  to  privileged  EXEC  mode,  enter  the  end  command,  or  press 
Ctrl-Z. 
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aaa  accounting  dotlx 

Use  the  aaa  accounting  dotlx  global  configuration  command  to  enable  authentication,  authorization, 
and  accounting  (AAA)  accounting  and  to  create  method  lists  defining  specific  accounting  methods  on  a 
per-line  or  per-interface  basis  for  IEEE  802.  lx  sessions.  Use  the  no  form  of  this  command  to  disable 
IEEE  802.  lx  accounting. 

aaa  accounting  dotlx  {name  I  default}  start-stop  {broadcast  group  {name  I  radius  I  tacacs+} 
[group  {name  I  radius  I  tacacs+} ...  ]  I  group  {name  I  radius  I  tacacs+}  [group  {name  I  radius 
I  tacacs+}  ...  ]} 

no  aaa  accounting  dotlx  {name  I  default} 


Syntax  Description       name  Name  of  a  server  group.  This  is  optional  when  you  enter  it  after  the 

broadcast  group  and  group  keywords. 

default  Use  the  accounting  methods  that  follow  as  the  default  list  for  accounting 

services. 

start-stop  Send  a  start  accounting  notice  at  the  beginning  of  a  process  and  a  stop 

accounting  notice  at  the  end  of  a  process.  The  start  accounting  record  is  sent 
in  the  background.  The  requested-user  process  begins  regardless  of  whether 
or  not  the  start  accounting  notice  was  received  by  the  accounting  server. 

broadcast  Enable  accounting  records  to  be  sent  to  multiple  AAA  servers  and  send 

accounting  records  to  the  first  server  in  each  group.  If  the  first  server  is 
unavailable,  the  switch  uses  the  list  of  backup  servers  to  identify  the  first 
server. 

group  Specify  the  server  group  to  be  used  for  accounting  services.  These  are  valid 

server  group  names: 

•  name — Name  of  a  server  group. 

•  radius — List  of  all  RADIUS  hosts. 

•  tacacs+ — List  of  all  TACACS+  hosts. 

The  group  keyword  is  optional  when  you  enter  it  after  the  broadcast  group 
and  group  keywords.  You  can  enter  more  than  optional  group  keyword. 


radius 

(Optional)  Enable  RADIUS  authorization. 

tacacs+ 

(Optional)  Enable  TACACS+  accounting. 
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Defaults 


AAA  accounting  is  disabled. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


This  command  requires  access  to  a  RADIUS  server. 

We  recommend  that  you  enter  the  dotlx  reauthentication  interface  configuration  command  before 
configuring  IEEE  802.  lx  RADIUS  accounting  on  an  interface. 


Examples  This  example  shows  how  to  configure  IEEE  802.  lx  accounting: 

Switch (config) #  aaa  new-model 

Switch (config) #  aaa  accounting  dotlx  default  start-stop  group  radius 

N   

Note      The  RADIUS  authentication  server  must  be  properly  configured  to  accept  and  log  update  or  watchdog 
packets  from  the  AAA  client. 


Related  Commands      Command  Description 


aaa  authentication 

Specifies  one  or  more  AAA  methods  for  use  on  interfaces  running 

dotlx 

IEEE  802. lx. 

aaa  new-model 

Enables  the  AAA  access  control  model.  For  syntax  information,  see  the 

Cisco  IOS  Security  Command  Reference,  Release  12.2  >  Authentication, 

Authorization,  and  Accounting  >  Authentication  Commands. 

dotlx  reauthentication 

Enables  or  disables  periodic  reauthentication. 

dotlx  timeout 

Sets  the  number  of  seconds  between  re-authentication  attempts. 

reauth-period 
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aaa  authentication  dotlx 

Use  the  aaa  authentication  dotlx  global  configuration  command  to  specify  the  authentication, 
authorization,  and  accounting  (AAA)  method  to  use  on  ports  complying  with  the  IEEE  802.  lx 
authentication.  Use  the  no  form  of  this  command  to  disable  authentication. 

aaa  authentication  dotlx  {default}  method! 

no  aaa  authentication  dotlx  {default} 


Syntax  Description      default  Use  the  listed  authentication  method  that  follows  this  argument  as  the  default 

method  when  a  user  logs  in. 

methodl  Enter  the  group  radius  keywords  to  use  the  list  of  all  RADIUS  servers  for 

authentication. 


X   

Note      Though  other  keywords  are  visible  in  the  command-line  help  strings,  only  the  default  and  group  radius 

keywords  are  supported. 


Defaults  No  authentication  is  performed. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  The  method  argument  identifies  the  method  that  the  authentication  algorithm  tries  in  the  given  sequence 
to  validate  the  password  provided  by  the  client.  The  only  method  that  is  truly  IEEE  802.1x-compliant  is 
the  group  radius  method,  in  which  the  client  data  is  validated  against  a  RADIUS  authentication  server. 

If  you  specify  group  radius,  you  must  configure  the  RADIUS  server  by  entering  the  radius-server  host 
global  configuration  command. 

Use  the  show  running-config  privileged  EXEC  command  to  display  the  configured  lists  of 
authentication  methods. 


Examples  This  example  shows  how  to  enable  AAA  and  how  to  create  an  IEEE  802.1x-compliant  authentication 

list.  This  authentication  first  tries  to  contact  a  RADIUS  server.  If  this  action  returns  an  error,  the  user  is 
not  allowed  access  to  the  network. 

Switch(conf ig) #  aaa  new-model 

Switch (config) #  aaa  authentication  dotlx  default  group  radius 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 
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Related  Commands      Command  Description 


aaa  new-model  Enables  the  AAA  access  control  model.  For  syntax  information,  see  the 

Cisco  IOS  Security  Command  Reference,  Release  12.2  >  Authentication, 
Authorization,  and  Accounting  >  Authentication  Commands. 

show  running-config      Displays  the  current  operating  configuration.  For  syntax  information,  select 

Cisco  IOS  Configuration  Fundamentals  Command  Reference,  Release 
12.2  >  File  Management  Commands  >  Configuration  File  Management 
Commands. 
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aaa  authorization  network 

Use  the  aaa  authorization  network  global  configuration  command  to  the  configure  the  switch  to  use 
user-RADIUS  authorization  for  all  network-related  service  requests,  such  as  IEEE  802.  lx  per-user 
access  control  lists  (ACLs)  or  VLAN  assignment.  Use  the  no  form  of  this  command  to  disable  RADIUS 
user  authorization. 

aaa  authorization  network  default  group  radius 

no  aaa  authorization  network  default 


Syntax  Description      default  group  Use  the  list  of  all  RADIUS  hosts  in  the  server  group  as  the  default  authorization 

radius  list. 


Defaults  Authorization  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Use  the  aaa  authorization  network  default  group  radius  global  configuration  command  to  allow  the 
switch  to  download  IEEE  802.  lx  authorization  parameters  from  the  RADIUS  servers  in  the  default 
authorization  list.  The  authorization  parameters  are  used  by  features  such  as  per-user  ACLs  or  VLAN 
assignment  to  get  parameters  from  the  RADIUS  servers. 

Use  the  show  running-config  privileged  EXEC  command  to  display  the  configured  lists  of  authorization 
methods. 


Examples  This  example  shows  how  to  configure  the  switch  for  user  RADIUS  authorization  for  all  network-related 

service  requests: 

Switch (config) #  aaa  authorization  network  default  group  radius 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config      Displays  the  current  operating  configuration.  For  syntax  information,  select 

Cisco  IOS  Configuration  Fundamentals  Command  Reference,  Release 
12.2  >  File  Management  Commands  >  Configuration  File  Management 
Commands. 
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action 

Use  the  action  access-map  configuration  command  to  set  the  action  for  the  VLAN  access  map  entry.  Use 
the  no  form  of  this  command  to  return  to  the  default  setting. 

action  {drop  I  forward) 

no  action 


Syntax  Description      drop  Drop  the  packet  when  the  specified  conditions  are  matched. 

forward  Forward  the  packet  when  the  specified  conditions  are  matched. 


Defaults  The  default  action  is  to  forward  packets. 


Command  Modes        Access-map  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       You  enter  access-map  configuration  mode  by  using  the  vlan  access-map  global  configuration  command. 

If  the  action  is  drop,  you  should  define  the  access  map,  including  configuring  any  access  control  list 
(ACL)  names  in  match  clauses,  before  applying  the  map  to  a  VLAN,  or  all  packets  could  be  dropped. 

In  access-map  configuration  mode,  use  the  match  access-map  configuration  command  to  define  the 
match  conditions  for  a  VLAN  map.  Use  the  action  command  to  set  the  action  that  occurs  when  a  packet 
matches  the  conditions. 

The  drop  and  forward  parameters  are  not  used  in  the  no  form  of  the  command. 


Examples  This  example  shows  how  to  identify  and  apply  a  VLAN  access  map  vmap4  to  VLANs  5  and  6  that  causes 

the  VLAN  to  forward  an  IP  packet  if  the  packet  matches  the  conditions  defined  in  access  list  al2: 

Switch (config) #  vlan  access-map  vmap4 

Switch (conf ig-access-map) #  match  ip  address  al2 

Switch (conf ig-access-map) #  action  forward 

Switch (conf ig-access-map) #  exit 

Switch (conf ig) #  vlan  filter  vmap4  vlan-list  5-6 

You  can  verify  your  settings  by  entering  the  show  vlan  access-map  privileged  EXEC  command. 
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Related  Commands  Command 


Description 


access-list  {deny  I  permit} 


ip  access-list 


mac  access-list  extended 


match  (class-map 
configuration) 


show  vlan  access-map 
vlan  access-map 


Configures  a  standard  numbered  ACL.  For  syntax  information,  select 
Cisco  IOS  IP  Command  Reference,  Volume  1  of  3: Addressing 
and  Services,  Release  12.2  >  IP  Services  Commands. 

Creates  a  named  access  list.  For  syntax  information,  select  Cisco 
IOS  IP  Command  Reference,  Volume  1  of  3: Addressing  and 
Services,  Release  12.2  >  IP  Services  Commands. 

Creates  a  named  MAC  address  access  list. 


Defines  the  match  conditions  for  a  VLAN  map. 


Displays  the  VLAN  access  maps  created  on  the  switch. 
Creates  a  VLAN  access  map. 
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archive  download-sw 

Use  the  archive  download-sw  privileged  EXEC  command  to  download  a  new  image  from  a  TFTP  server 
to  the  switch  and  to  overwrite  or  keep  the  existing  image. 

archive  download-sw  {/force-reload  I  /imageonly  I  /leave-old-sw  I  /no-set-boot  I  /overwrite  I 
/reload  I  /safe}  source-url 


Syntax  Description  /force-reload 


/imageonly 


/leave-old-sw 


/no-set-boot 

/overwrite 
/reload 


source-url 


Unconditionally  force  a  system  reload  after  successfully  downloading  the 
software  image. 

Download  only  the  software  image  but  not  the  HTML  files  associated  with 
the  embedded  device  manager.  The  HTML  files  for  the  existing  version  are 
deleted  only  if  the  existing  version  is  being  overwritten  or  removed. 

Keep  the  old  software  version  after  a  successful  download. 


Do  not  alter  the  setting  of  the  BOOT  environment  variable  to  point  to  the  new 
software  image  after  it  is  successfully  downloaded. 

Overwrite  the  software  image  in  flash  memory  with  the  downloaded  one. 

Reload  the  system  after  successfully  downloading  the  image  unless  the 
configuration  has  been  changed  and  not  been  saved. 

/safe  Keep  the  current  software  image;  do  not  delete  it  to  make  room  for  the  new 

software  image  before  the  new  image  is  downloaded.  The  current  image  is 
deleted  after  the  download. 


The  source  URL  alias  for  a  local  or  network  file  system.  These  options  are 
supported: 

•  The  syntax  for  the  local  flash  file  system: 
flash: 

•  The  syntax  for  the  FTP: 

ftp:[[y ') 'username[:password]@ location]/ 'directory]/ 'image -name  Xax 

•  The  syntax  for  an  HTTP  server: 
http://[[username:password]@]{ hostname  I 
host-ip  ]  [i 'directory]! 'image -name. tar 

•  The  syntax  for  a  secure  HTTP  server: 
htt\)s://[[username:password] @] { hostname  I 
host-ip  ]  [ldirectory]limage-name.tar 

•  The  syntax  for  the  Remote  Copy  Protocol  (RCP): 
rcp:[[//username@location]/directory]/image-name.tar 

•  The  syntax  for  the  TFTP: 
tftp:[[//location]/directory]/image-name.tar 

The  image -name. tar  is  the  software  image  to  download  and  install  on  the 
switch. 
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Defaults 


The  current  software  image  is  not  overwritten  with  the  downloaded  image. 
Both  the  software  image  and  HTML  files  are  downloaded. 
The  new  image  is  downloaded  to  the  flash:  file  system. 

The  BOOT  environment  variable  is  changed  to  point  to  the  new  software  image  on  the  flash:  file  system. 
Image  names  are  case  sensitive;  the  image  file  is  provided  in  tar  format. 

Compatibility  of  the  stack  protocol  version  on  the  image  to  be  downloaded  is  checked  with  the  version 
on  the  switch  stack. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  /imageonly  option  removes  the  HTML  files  for  the  existing  image  if  the  existing  image  is  being 
removed  or  replaced.  Only  the  Cisco  IOS  image  (without  the  HTML  files)  is  downloaded. 

Using  the  /safe  or  /leave-old-sw  option  can  cause  the  new  image  download  to  fail  if  there  is  insufficient 
flash  memory.  If  leaving  the  software  in  place  prevents  the  new  image  from  fitting  in  flash  memory  due 
to  space  constraints,  an  error  results. 

If  you  used  the  /leave-old-sw  option  and  did  not  overwrite  the  old  image  when  you  downloaded  the  new 
one,  you  can  remove  the  old  image  by  using  the  delete  privileged  EXEC  command.  For  more 
information,  see  the  "delete"  section  on  page  2-68. 

Use  the  /overwrite  option  to  overwrite  the  image  on  the  flash  device  with  the  downloaded  one. 

If  you  specify  the  command  without  the  /overwrite  option,  the  download  algorithm  verifies  that  the  new 
image  is  not  the  same  as  the  one  on  the  switch  flash  device.  If  the  images  are  the  same,  the  download 
does  not  occur.  If  the  images  are  different,  the  old  image  is  deleted,  and  the  new  one  is  downloaded. 

After  downloading  a  new  image,  enter  the  reload  privileged  EXEC  command  to  begin  using  the  new 
image,  or  specify  the  /reload  or  /force-reload  option  in  the  archive  download-sw  command. 


Examples 


This  example  shows  how  to  download  a  new  image  from  a  TFTP  server  at  172.20.129.10  and  overwrite 
the  image  on  the  switch: 

Switch#  archive  download-sw  /overwrite  tftp : / / 172 . 2 0 . 129 . 10/test-image . tar 

This  example  shows  how  to  download  only  the  software  image  from  a  TFTP  server  at  172.20.129.10  to 
the  switch: 

Switch#  archive  download-sw  /imageonly  tftp : //172 . 20 . 129 . 10/test-image . tar 

This  example  shows  how  to  keep  the  old  software  version  after  a  successful  download: 

Switch#  archive  download-sw  /leave-old-sw  tftp :/ /172 . 20 . 129 . 10/test-image . tar 
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Related  Commands      Command  Description 


archive  tar 

Creates  a  tar  file,  lists  the  files  in  a  tar  file,  or  extracts  the  files  from  a  tar  file. 

archive  upload-sw 

Uploads  an  existing  image  on  the  switch  to  a  server. 

delete 

Deletes  a  file  or  directory  on  the  flash  memory  device. 
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archive  tar 

Use  the  archive  tar  privileged  EXEC  command  to  create  a  tar  file,  list  files  in  a  tar  file,  or  extract  the 
files  from  a  tar  file. 

archive  tar  {/create  destination-url  f[ash:/file-url}  I  {/table  source-url]  I  {/xtract  source-url 
flash:/file-url  [dir/file...]] 


Syntax  Description       /create  destination-url         Create  a  new  tar  file  on  the  local  or  network  file  system. 

flash. /file  url  pQr  jeSfjnclfjon.Mr/)  specify  me  destination  URL  alias  for  the  local  or 

network  file  system  and  the  name  of  the  tar  file  to  create.  These  options 
are  supported: 

•  The  syntax  for  the  local  flash  file  system: 
flash: 

•  The  syntax  for  the  FTP: 
ftp:[[//username[:password]@ location]! 'directory]) 'tar- filename. tar 

•  The  syntax  for  an  HTTP  server: 
http://[[username:password]@]{ hostname  I 
host-ip  ]  [/directory]/image-name.tar 

•  The  syntax  for  a  secure  HTTP  server: 
https://[[username:password]@]{ hostname  I 
host-ip  ]  [ldirectory]limage-name.tar 

•  The  syntax  for  the  Remote  Copy  Protocol  (RCP)  is: 
rcp:[[//username@ location]/ 'directory]! 'tar- filename.tar 

•  The  syntax  for  the  TFTP: 

tf tp :  [  [/ '/location]/ 'directory]! 'tar- filename. tar 

The  tar- filename. tar  is  the  tar  file  to  be  created. 

For  f\ash:/file-url,  specify  me  location  on  the  local  flash  file  system  from 
which  the  new  tar  file  is  created. 

An  optional  list  of  files  or  directories  within  the  source  directory  can  be 
specified  to  write  to  the  new  tar  file.  If  none  are  specified,  all  files  and 
directories  at  this  level  are  written  to  the  newly  created  tar  file. 
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/table  source-url  Display  the  contents  of  an  existing  tar  file  to  the  screen. 

For  source-url,  specify  the  source  URL  alias  for  the  local  or  network  file 
system.  These  options  are  supported: 

•  The  syntax  for  the  local  flash  file  system: 
flash: 

•  The  syntax  for  the  FTP: 
ftp:[[//username[:password]@ location]/ 'directory]/ 'tar- filename. tar 

•  The  syntax  for  an  HTTP  server: 
http://[[username:password]@]{ hostname  I 
host-ip}[/ 'directory]! 'image -name. tar 

•  The  syntax  for  a  secure  HTTP  server: 
https://[[username:password]@]{ hostname  I 
host-ip }  [I  directory]/ image-name. tar 

•  The  syntax  for  the  RCP: 
rcp:[[//username@ location]/ 'directory]! 'tar-filename. tar 

•  The  syntax  for  the  TFTP: 
tftp:[[/ '/location]/ 'directory]! 'tar- filename. tar 

The  tar- filename. tar  is  the  tar  file  to  display. 
Extract  files  from  a  tar  file  to  the  local  file  system. 

For  source-url,  specify  rhe  source  URL  alias  for  the  local  file  system. 
These  options  are  supported: 

•  The  syntax  for  the  local  flash  file  system: 
flash: 

•  The  syntax  for  the  FTP: 
ftp :  [  [/ 'l 'username[:password]@ location]/ 'directory]! 'tar-filename .tar 

•  The  syntax  for  an  HTTP  server: 
http://[[username:password]@]{ hostname  I 
host-ip }  [ldirectory]limage-name.tar 

•  The  syntax  for  a  secure  HTTP  server: 
httj>s://[[username:password]  @]  { hostname  I 
host-ip][i 'directory]! 'image -name. tar 

•  The  syntax  for  the  RCP: 
rcp:[[//username@  location]/ 'directory]! 'tar- filename. tar 

•  The  syntax  for  the  TFTP: 
tftp:[[y '/location]/ 'directory]! 'tar- filename. tar 

The  tar- filename. tar  is  the  tar  file  from  which  to  extract. 

For  f\ash:/file-url  [dir/file...],  specify  fhe  location  on  the  local  flash  file 
system  into  which  the  tar  file  is  extracted.  Use  the  dir/file...  option  to 
specify  an  optional  list  of  files  or  directories  within  the  tar  file  to  be 
extracted.  If  none  are  specified,  all  files  and  directories  are  extracted. 


Defaults  There  is  no  default  setting. 


/xtract  source-url 
flash:/ 'file -url  [dir/file...] 
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Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 
Image  names  are  case  sensitive. 


Examples 


This  example  shows  how  to  create  a  tar  file.  The  command  writes  the  contents  of  the  new-configs 
directory  on  the  local  flash  device  to  a  file  named  saved,  tar  on  the  TFTP  server  at  172.20.10.30: 

Switch#  archive  tar  /create  tf tp : 172 . 20 . 10 . 30 /saved. tar  flash: /new-configs 

This  example  shows  how  to  display  the  contents  of  thecgesm-tvO-m.tar  file  that  is  in  flash  memory.  The 
contents  of  the  tar  file  appear  on  the  screen: 

Switch#  archive  tar  /table  f lash:cgesm-tv0-m.tar 

info   (219  bytes) 

cgesm-tvO-mz-122 /  (directory) 

cgesm-tv0-mz-122/tv0-mz-122 .bin   (610856  bytes) 
cgesm-tvO-mz-122/info    (219  bytes) 
info.ver   (219  bytes) 

This  example  shows  how  to  display  only  the  cgesm-tvO-mz-122/html  directory  and  its  contents: 

Switch#  archive  tar  /table  f lash:cgesm-tv0-m.tar 

cgesm- tvO-mz-122 /html /  (directory) 
cgesm-tvO-mz-122 /html /const . htm  (556  bytes) 
cgesm- tvO-mz-122 /html /xhome . htm  (9373  bytes) 
cgesm- tvO-mz-122 /html/menu . ess   (1654  bytes) 
<output  truncated> 

This  example  shows  how  to  extract  the  contents  of  a  tar  file  on  the  TFTP  server  at  172.20.10.30.  This 
command  extracts  just  the  new-configs  directory  into  the  root  directory  on  the  local  flash  file  system. 
The  remaining  files  in  the  saved,  tar  file  are  ignored. 

Switch*  archive  tar  /xtract  tf tp : /172 . 20 . 10 . 30/saved. tar  flash:/  new-configs 


Related  Commands  Command 


Description 


archive  download-sw     Downloads  a  new  image  from  a  TFTP  server  to  the  switch. 


archive  upload-sw 


Uploads  an  existing  image  on  the  switch  to  a  server. 
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archive  upload-sw 

Use  the  archive  upload-sw  privileged  EXEC  command  to  upload  an  existing  switch  image  to  a  server, 
archive  upload-sw  [/version  version_string]  destination-url 


Syntax  Description       /version  version_string    (Optional)  Specify  the  specific  version  string  of  the  image  to  be  uploaded. 

destination-url  The  destination  URL  alias  for  a  local  or  network  file  system.  These  options 

are  supported: 

•  The  syntax  for  the  local  flash  file  system: 
flash: 

•  The  syntax  for  the  FTP: 
ft\>:[[llusername[:password]@  location}/ directory]/ image-name.tar 

•  The  syntax  for  an  HTTP  server: 
http://[[username:password]@]{  hostname  I 
host-ip }  [I  directory]/ image-name  .tar 

•  The  syntax  for  a  secure  HTTP  server: 
https://[[username:password]  @]  { hostname  I 
host-ip  ]  [/directory]/image-name.tar 

•  The  syntax  for  the  Remote  Copy  Protocol  (RCP): 
rcp:[[//username@location]/directory]/image-name.tar 

•  The  syntax  for  the  TFTP: 

tftp:[[y 'l 'location]/ 'directory]! 'image-name. tar 

The  image -name. tar  is  the  name  of  software  image  to  be  stored  on  the 
server. 


Defaults  Uploads  the  currently  running  image  from  the  flash:  file  system. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Use  the  upload  feature  only  if  the  HTML  files  associated  with  the  embedded  device  manager  have  been 
installed  with  the  existing  image. 

The  files  are  uploaded  in  this  sequence:  the  Cisco  IOS  image,  the  HTML  files,  and  info.  After  these  files 
are  uploaded,  the  software  creates  the  tar  file. 

Image  names  are  case  sensitive. 
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Examples  This  example  shows  how  to  upload  the  currently  running  image  to  a  TFTP  server  at  172.20.140.2: 

Switch*  archive  upload-sw  tf tp : //172 . 20 . 140 . 2/test-image . tar 


Related  Commands      Command  Description 

archive  download-sw     Downloads  a  new  image  to  the  switch. 

archive  tar  Creates  a  tar  file,  lists  the  files  in  a  tar  file,  or  extracts  the  files  from  a  tar  file. 
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auto  qos  voip 

Use  the  auto  qos  voip  interface  configuration  command  to  automatically  configure  quality  of  service 
(QoS)  for  voice  over  IP  (VoIP)  within  a  QoS  domain.  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

auto  qos  voip  {cisco-phone  I  cisco-softphone  I  trust} 

no  auto  qos  voip  [cisco-phone  I  cisco-softphone  I  trust] 


Syntax  Description  cisco-phone 


cisco-softphone 


trust 


Identify  this  port  as  connected  to  a  Cisco  IP  Phone,  and  automatically  configure  QoS 
for  VoIP.  The  QoS  labels  of  incoming  packets  are  trusted  only  when  the  telephone 
is  detected. 

Identify  this  port  as  connected  to  a  device  running  the  Cisco  SoftPhone,  and 
automatically  configure  QoS  for  VoIP. 

Identify  this  port  as  connected  to  a  trusted  switch  or  router,  and  automatically 
configure  QoS  for  VoIP.  The  QoS  labels  of  incoming  packets  are  trusted.  For 
nonrouted  ports,  the  CoS  value  of  the  incoming  packet  is  trusted 


Defaults  Auto-QoS  is  disabled  on  the  port. 

When  auto-QoS  is  enabled,  it  uses  the  ingress  packet  label  to  categorize  traffic,  to  assign  packet  labels, 
and  to  configure  the  ingress  and  egress  queues  as  shown  in  Table  2-1. 


Table  2-1     Traffic  Types,  Packet  Labels,  and  Queues 


VoIP  Data 
Traffic 

VoIP  Control 
Traffic 

Routing  Protocol 
Traffic 

STP1  BPDU2 
Traffic 

Real-Time 
Video  Traffic 

All  Other  Traffic 

DSCP3 

46 

24,  26 

48 

56 

34 

CoS4 

5 

3 

6 

7 

3 

CoS-to-Ingress 
Queue  Map 

2,  3,  4,  5,  6,  7  (queue  2) 

0,  1  (queue  1) 

CoS-to-Egress 
Queue  Map 

5  (queue  1) 

3,  6,  7  (queue  2) 

4 (queue  3) 

2 

(queue  3) 

0,  1 

(queue  4) 

1.  STP  =  Spanning  Tree  Protocol 

2.  BPDU  =  bridge  protocol  data  unit 

3.  DSCP  =  Differentiated  Services  Code  Point 

4.  CoS  =  class  of  service 
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Table  2-2  shows  the  generated  auto-QoS  configuration  for  the  ingress  queues. 


Table  2-2    Auto-QoS  Configuration  for  the  Ingress  Queues 


Ingress  Queue 

Queue  Number 

CoS-to-Queue  Map 

Queue  Weight 
(Bandwidth) 

Queue  (Buffer) 
Size 

SRR1  shared 

1 

0,  1 

81  percent 

67  percent 

Priority 

2 

2,  3,4,  5,  6,  7 

19  percent 

33  percent 

1.    SRR  =  shaped  round  robin.  Ingress  queues  support  shared  mode  only. 


Table  2-3  shows  the  generated  auto-QoS  configuration  for  the  egress  queues. 


Table  2-3    Auto-QoS  Configuration  for  the  Egress  Queues 


Egress  Queue 

Queue  Number 

CoS-to-Queue  Map 

Queue  Weight 
(Bandwidth) 

Queue  (Buffer)  Size 
for  Gigabit-Capable 
Ports 

Queue  (Buffer) 
Size  for  10/100 
Ethernet  Ports 

Priority  (shaped) 

1 

5 

10  percent 

16  percent 

10  percent 

SRR  shared 

2 

3,  6,  7 

10  percent 

6  percent 

10  percent 

SRR  shared 

3 

2,4 

60  percent 

17  percent 

26  percent 

SRR  shared 

4 

0,  1 

20  percent 

61  percent 

54  percent 

Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Use  this  command  to  configure  the  QoS  appropriate  for  VoIP  traffic  within  the  QoS  domain.  The  QoS 
domain  includes  the  switch,  the  interior  of  the  network,  and  edge  devices  that  can  classify  incoming 
traffic  for  QoS. 

Auto-QoS  configures  the  switch  for  VoIP  with  Cisco  IP  Phones  on  switch  and  routed  ports  and  for  VoIP 
with  devices  running  the  Cisco  SoftPhone  application.  These  releases  support  only  Cisco  IP  SoftPhone 
Version  1.3(3)  or  later.  Connected  devices  must  use  Cisco  Call  Manager  Version  4  or  later. 

To  take  advantage  of  the  auto-QoS  defaults,  you  should  enable  auto-QoS  before  you  configure  other  QoS 
commands.  You  can  fine-tune  the  auto-QoS  configuration  after  you  enable  auto-QoS. 

X   

Note      The  switch  applies  the  auto-QoS-generated  commands  as  if  the  commands  were  entered  from  the 

command-line  interface  (CLI).  An  existing  user  configuration  can  cause  the  application  of  the  generated 
commands  to  fail  or  to  be  overridden  by  the  generated  commands.  These  actions  occur  without  warning. 
If  all  the  generated  commands  are  successfully  applied,  any  user-entered  configuration  that  was  not 
overridden  remains  in  the  running  configuration.  Any  user-entered  configuration  that  was  overridden  can 
be  retrieved  by  reloading  the  switch  without  saving  the  current  configuration  to  memory.  If  the  generated 
commands  fail  to  be  applied,  the  previous  running  configuration  is  restored. 
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If  this  is  the  first  port  on  which  you  have  enabled  auto-QoS,  the  auto-QoS-generated  global  configuration 
commands  are  executed  followed  by  the  interface  configuration  commands.  If  you  enable  auto-QoS  on 
another  port,  only  the  auto-QoS-generated  interface  configuration  commands  for  that  port  are  executed. 

When  you  enable  the  auto-QoS  feature  on  the  first  port,  these  automatic  actions  occur: 

•  QoS  is  globally  enabled  (mis  qos  global  configuration  command),  and  other  global  configuration 
commands  are  added. 

•  When  you  enter  the  auto  qos  voip  cisco-phone  interface  configuration  command  on  a  port  at  the 
edge  of  the  network  that  is  connected  to  a  Cisco  IP  Phone,  the  switch  enables  the  trusted  boundary 
feature.  The  switch  uses  the  Cisco  Discovery  Protocol  (CDP)  to  detect  the  presence  or  absence  of  a 
Cisco  IP  Phone.  When  a  Cisco  IP  Phone  is  detected,  the  ingress  classification  on  the  port  is  set  to 
trust  the  QoS  label  received  in  the  packet.  When  a  Cisco  IP  Phone  is  absent,  the  ingress  classification 
is  set  to  not  trust  the  QoS  label  in  the  packet.  The  switch  configures  ingress  and  egress  queues  on 
the  port  according  to  the  settings  in  Table  2-2  and  Table  2-3. 

•  When  you  enter  the  auto  qos  voip  cisco-softphone  interface  configuration  command  on  a  port  at 
the  edge  of  the  network  that  is  connected  to  a  device  running  the  Cisco  SoftPhone,  the  switch  uses 
policing  to  decide  whether  a  packet  is  in  or  out  of  profile  and  to  specify  the  action  on  the  packet.  If 
the  packet  does  not  have  a  DSCP  value  of  24,  26,  or  46  or  is  out  of  profile,  the  switch  changes  the 
DSCP  value  to  0.  The  switch  configures  ingress  and  egress  queues  on  the  port  according  to  the 
settings  in  Table  2-2  and  Table  2-3. 

•  When  you  enter  the  auto  qos  voip  trust  interface  configuration  command  on  a  port  connected  to  the 
interior  of  the  network,  the  switch  trusts  the  CoS  value  for  nonrouted  ports  in  ingress  packets  (the 
assumption  is  that  traffic  has  already  been  classified  by  other  edge  devices).  The  switch  configures 
the  ingress  and  egress  queues  on  the  port  according  to  the  settings  in  Table  2-2  and  Table  2-3. 

You  can  enable  auto-QoS  on  static,  dynamic-access,  and  voice  VLAN  access,  and  trunk  ports.  When 
enabling  auto-QoS  with  a  Cisco  IP  Phone  on  a  routed  port,  you  must  assign  a  static  IP  address  to  the 
IP  phone. 

X   

Note      When  a  device  running  Cisco  SoftPhone  is  connected  to  a  switch  or  routed  port,  the  switch  supports  only 
one  Cisco  SoftPhone  application  per  port. 


After  auto-QoS  is  enabled,  do  not  modify  a  policy  map  or  aggregate  policer  that  includes  AutoQoS  in  its 
name.  If  you  need  to  modify  the  policy  map  or  aggregate  policer,  make  a  copy  of  it,  and  change  the 
copied  policy  map  or  policer.  To  use  the  new  policy  map  instead  of  the  generated  one,  remove  the 
generated  policy  map  from  the  interface,  and  apply  the  new  policy  map. 

To  display  the  QoS  configuration  that  is  automatically  generated  when  auto-QoS  is  enabled,  enable 
debugging  before  you  enable  auto-QoS.  Use  the  debug  auto  qos  privileged  EXEC  command  to  enable 
auto-QoS  debugging.  For  more  information,  see  the  debug  auto  qos  command. 

To  disable  auto-QoS  on  a  port,  use  the  no  auto  qos  voip  interface  configuration  command.  Only  the 
auto-QoS-generated  interface  configuration  commands  for  this  port  are  removed.  If  this  is  the  last  port 
on  which  auto-QoS  is  enabled  and  you  enter  the  no  auto  qos  voip  command,  auto-QoS  is  considered 
disabled  even  though  the  auto-QoS -generated  global  configuration  commands  remain  (to  avoid 
disrupting  traffic  on  other  ports  affected  by  the  global  configuration).  You  can  use  the  no  mis  qos  global 
configuration  command  to  disable  the  auto-QoS-generated  global  configuration  commands.  With  QoS 
disabled,  there  is  no  concept  of  trusted  or  untrusted  ports  because  the  packets  are  not  modified  (the  CoS, 
DSCP,  and  IP  precedence  values  in  the  packet  are  not  changed).  Traffic  is  switched  in  pass-through  mode 
(packets  are  switched  without  any  rewrites  and  classified  as  best  effort  without  any  policing). 
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Examples  This  example  shows  how  to  enable  auto-QoS  and  to  trust  the  QoS  labels  received  in  incoming  packets 

when  the  switch  or  router  connected  to  the  port  is  a  trusted  device: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  auto  qos  voip  trust 

You  can  verify  your  settings  by  entering  the  show  auto  qos  interface  interface-id  privileged  EXEC 
command. 


Related  Commands      Command  Description 


debug  auto  qos 

Enables  debugging  of  the  auto-QoS  feature. 

mis  qos  cos 

Defines  the  default  CoS  value  of  a  port  or  assigns  the  default 

CoS  to  all  incoming  packets  on  the  port. 

mis  qos  map  {cos-dscp  dscpl ...  dscp8 

Defines  the  CoS-to-DSCP  map  or  the  DSCP-to-CoS  map. 

1  dscp-cos  dscp-list  to  cos} 

mis  qos  queue-set  output  buffers 

Allocates  buffers  to  a  queue-set. 

mis  qos  srr-queue  input  bandwidth 

Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 

queue. 

mis  qos  srr-queue  input  buffers 

Allocates  the  buffers  between  the  ingress  queues. 

mis  qos  srr-queue  input  cos-map 

Maps  CoS  values  to  an  ingress  queue  or  maps  CoS  values  to 

a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  input  dscp-map 

Maps  DSCP  values  to  an  ingress  queue  or  maps  DSCP  values 

to  a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  input 

Configures  the  ingress  priority  queue  and  guarantees 

priority-queue 

bandwidth. 

mis  qos  srr-queue  output  cos-map 

Maps  CoS  values  to  an  egress  queue  or  maps  CoS  values  to 

a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  dscp-map 

Maps  DSCP  values  to  an  egress  queue  or  maps  DSCP  values 

to  a  queue  and  to  a  threshold  ID. 

mis  qos  trust 

Configures  the  port  trust  state. 

queue-set 

Maps  a  port  to  a  queue-set. 

show  auto  qos 

Displays  auto-QoS  information. 

show  mis  qos  interface 

Displays  QoS  information  at  the  port  level. 

srr-queue  bandwidth  shape 

Assigns  the  shaped  weights  and  enables  bandwidth  shaping 

on  the  four  egress  queues  mapped  to  a  port. 

srr-queue  bandwidth  share 

Assigns  the  shared  weights  and  enables  bandwidth  sharing 

on  the  four  egress  queues  mapped  to  a  port. 
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boot  boothlpr 


Use  the  boot  boothlpr  global  configuration  command  to  load  a  special  Cisco  IOS  image,  which  when 
loaded  into  memory,  can  load  a  second  Cisco  IOS  image  into  memory  and  launch  it.  This  variable  is  used 
only  for  internal  development  and  testing.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

boot  boothlpr  filesystem:lfile-url 

no  boot  boothlpr 


Syntax  Description  filesystem: 


Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 


Ifile-url 


The  path  (directory)  and  name  of  a  bootable  helper  image. 


Defaults 


No  helper  image  is  loaded. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Filenames  and  directory  names  are  case  sensitive. 

This  command  changes  the  setting  of  the  BOOTHLPR  environment  variable.  For  more  information,  see 
Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands  Command 

show  boot 


Description 

Displays  the  settings  of  the  boot  environment  variables. 
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boot  config-file 


Use  the  boot  config-file  global  configuration  command  to  specify  the  filename  that  Cisco  IOS  uses  to 
read  and  write  a  nonvolatile  copy  of  the  system  configuration.  Use  the  no  form  of  this  command  to  return 
to  the  default  setting. 

boot  config-file  (lash:/flle-url 

no  boot  config-file 


Syntax  Description      flash :/file-url 


The  path  (directory)  and  name  of  the  configuration  file. 


Defaults 


The  default  configuration  file  is  flashxonfig.text. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 

This  command  changes  the  setting  of  the  CONFIG_FILE  environment  variable.  For  more  information, 
see  Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands  Command 

show  boot 


Description 

Displays  the  settings  of  the  boot  environment  variables. 
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boot  enable-break 


Use  the  boot  enable-break  global  configuration  command  to  enable  interrupting  the  automatic  bootup 
process.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

boot  enable-break 

no  boot  enable-break 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Disabled.  The  automatic  bootup  process  cannot  be  interrupted  by  pressing  the  Break  key  on  the  console. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines        When  you  enter  this  command,  you  can  interrupt  the  automatic  bootup  process  by  pressing  the  Break 
key  on  the  console  after  the  flash  file  system  is  initialized. 

%   

Note      Despite  the  setting  of  this  command,  you  can  interrupt  the  automatic  bootup  process  at  any  time  by 
pressing  the  MODE  button  on  the  switch  front  panel. 

This  command  changes  the  setting  of  the  ENABLE_BREAK  environment  variable.  For  more 
information,  see  Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands  Command 

show  boot 


Description 

Displays  the  settings  of  the  bootup  environment  variables. 
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boot  helper 

Use  the  boot  helper  global  configuration  command  to  dynamically  load  files  during  bootloader 
initialization  to  extend  or  patch  the  functionality  of  the  bootloader.  Use  the  no  form  of  this  command  to 
return  to  the  default. 

boot  helper  filesystem:lfile-url ... 

no  boot  helper 


Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url  The  path  (directory)  and  a  list  of  loadable  files  to  dynamically  load  during 

loader  initialization.  Separate  each  image  name  with  a  semicolon. 


Defaults  No  helper  files  are  loaded. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       This  variable  is  used  only  for  internal  development  and  testing. 

Filenames  and  directory  names  are  case  sensitive. 

This  command  changes  the  setting  of  the  HELPER  environment  variable.  For  more  information,  see 
Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands      Command  Description 

show  boot  Displays  the  settings  of  the  bootup  environment  variables. 
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boot  helper-config-file 


Use  the  boot  helper-config-file  global  configuration  command  to  specify  the  name  of  the  configuration 
file  to  be  used  by  the  Cisco  IOS  helper  image.  If  this  is  not  set,  the  file  specified  by  the  CONFIG_FILE 
environment  variable  is  used  by  all  versions  of  Cisco  IOS  that  are  loaded.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

boot  helper-config-file  filesystem:lfile-url 

no  boot  helper-config  file 


Syntax  Description  filesystem: 


Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash 
device. 


Ifile-url 


The  path  (directory)  and  helper  configuration  file  to  load. 


Defaults 


No  helper  configuration  file  is  specified. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


This  variable  is  used  only  for  internal  development  and  testing. 
Filenames  and  directory  names  are  case  sensitive. 

This  command  changes  the  setting  of  the  HELPER_CONFIG_FILE  environment  variable.  For  more 
information,  see  Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands  Command 


Description 


show  boot 


Displays  the  settings  of  the  bootup  environment  variables. 
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boot  manual 


Use  the  boot  manual  global  configuration  command  to  enable  manually  booting  the  switch  during  the 
next  bootup  cycle.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

boot  manual 

no  boot  manual 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Manual  booting  up  is  disabled. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


The  next  time  you  reboot  the  system,  the  switch  is  in  bootloader  mode,  which  is  shown  by  the  switch: 
prompt.  To  boot  up  the  system,  use  the  bootloader  command,  and  specify  the  name  of  the  bootable 
image. 

This  command  changes  the  setting  of  the  MANUAL_BOOT  environment  variable.  For  more 
information,  see  Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands 


Command 

show  boot 


Description 

Displays  the  settings  of  the  boot  environment  variables. 
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boot  private-config-file 

Use  the  boot  private-config-file  global  configuration  command  to  specify  the  filename  that  Cisco  IOS 
uses  to  read  and  write  a  nonvolatile  copy  of  the  private  configuration.  Use  the  no  form  of  this  command 
to  return  to  the  default  setting. 

boot  private-config-file  filename 

no  boot  private-config-file 


Syntax  Description      filename  The  name  of  the  private  configuration  file. 


Defaults  The  default  configuration  file  is  private-config. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Filenames  are  case  sensitive. 


Examples  This  example  shows  how  to  specify  the  name  of  the  private  configuration  file  to  be  pconfig: 

Switch ( config) #  boot  private-config-file  pconfig 


Related  Commands      Command  Description 

show  boot  Displays  the  settings  of  the  boot  environment  variables. 
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boot  system 

Use  the  boot  system  global  configuration  command  to  specify  the  Cisco  10S  image  to  load  during  the 
next  bootup  cycle.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

boot  system  filesystem:/file-url ... 

no  boot  system 


Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url  The  path  (directory)  and  name  of  a  bootable  image.  Separate  image  names 

with  a  semicolon. 


Defaults  The  switch  attempts  to  automatically  boot  up  the  system  by  using  information  in  the  BOOT  environment 

variable.  If  this  variable  is  not  set,  the  switch  attempts  to  load  and  execute  the  first  executable  image  it 
can  by  performing  a  recursive,  depth-first  search  throughout  the  flash  file  system.  In  a  depth-first  search 
of  a  directory,  each  encountered  subdirectory  is  completely  searched  before  continuing  the  search  in  the 
original  directory. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 

If  you  are  using  the  archive  download-sw  privileged  EXEC  command  to  maintain  system  images,  you 
never  need  to  use  the  boot  system  command.  The  boot  system  command  is  automatically  manipulated 
to  load  the  downloaded  image. 

This  command  changes  the  setting  of  the  BOOT  environment  variable.  For  more  information,  see 
Appendix  A,  "CGESM  Switch  Bootloader  Commands." 


Related  Commands      Command  Description 

show  boot  Displays  the  settings  of  the  boot  environment  variables. 
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channel-group 

Use  the  channel-group  interface  configuration  command  to  assign  an  Ethernet  port  to  an  EtherChannel 
group,  to  enable  an  EtherChannel  mode,  or  both.  Use  the  no  form  of  this  command  to  remove  an  Ethernet 
port  from  an  EtherChannel  group. 

channel-group  channel-group-number  mode  {active  I  {auto  [non-silent]}  I  {desirable 
[non-silent] }  I  on  I  passive } 

no  channel-group 

PAgP  modes: 

channel-group  channel-group-number  mode  {{auto  [non-silent]}  I  {desirable  [non-silent}} 

LACP  modes: 

channel-group  channel-group-number  mode  {active  I  passive} 

On  mode: 

channel-group  channel-group-number  mode  on 


Syntax  Description       channel-group-number      Specify  the  channel  group  number.  The  range  is  1  to  48. 
mode  Specify  the  EtherChannel  mode. 

active  Unconditionally  enable  Link  Aggregation  Control  Protocol  (LACP). 

Active  mode  places  a  port  into  a  negotiating  state  in  which  the  port  initiates 
negotiations  with  other  ports  by  sending  LACP  packets.  A  channel  is 
formed  with  another  port  group  in  either  the  active  or  passive  mode. 

auto  Enable  the  Port  Aggregation  Protocol  (PAgP)  only  if  a  PAgP  device  is 

detected. 

Auto  mode  places  a  port  into  a  passive  negotiating  state  in  which  the  port 
responds  to  PAgP  packets  it  receives  but  does  not  start  PAgP  packet 
negotiation.  A  channel  is  formed  only  with  another  port  group  in  desirable 
mode.  When  auto  is  enabled,  silent  operation  is  the  default. 

desirable  Unconditionally  enable  PAgP. 

Desirable  mode  places  a  port  into  an  active  negotiating  state  in  which  the 
port  starts  negotiations  with  other  ports  by  sending  PAgP  packets.  An 
EtherChannel  is  formed  with  another  port  group  that  is  in  the  desirable  or 
auto  mode.  When  desirable  is  enabled,  silent  operation  is  the  default. 


non-silent 

(Optional)  Use  in  PAgP  mode  with  the  auto  or  desirable  keyword  when 
traffic  is  expected  from  the  other  device. 

on 

Enable  on  mode. 

In  on  mode,  a  usable  EtherChannel  exists  only  when  both  connected  port 

groups  are  in  the  on  mode. 

passive 

Enable  LACP  only  if  a  LACP  device  is  detected. 

Passive  mode  places  a  port  into  a  negotiating  state  in  which  the  port 
responds  to  received  LACP  packets  but  does  not  initiate  LACP  packet 
negotiation.  A  channel  is  formed  only  with  another  port  group  in  active 
mode. 
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Defaults 


No  channel  groups  are  assigned. 
No  mode  is  configured. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


A 


Caution 


For  Layer  2  EtherChannels,  you  do  not  have  to  create  a  port-channel  interface  first  by  using  the  interface 
port-channel  global  configuration  command  before  assigning  a  physical  port  to  a  channel  group. 
Instead,  you  can  use  the  channel-group  interface  configuration  command.  It  automatically  creates  the 
port-channel  interface  when  the  channel  group  gets  its  first  physical  port  if  the  logical  interface  is  not 
already  created.  If  you  create  the  port-channel  interface  first,  the  channel-group-number  can  be  the  same 
as  the  port-channel-number,  or  you  can  use  a  new  number.  If  you  use  a  new  number,  the  channel-group 
command  dynamically  creates  a  new  port  channel. 

After  you  configure  an  EtherChannel,  configuration  changes  that  you  make  on  the  port-channel  interface 
apply  to  all  the  physical  ports  assigned  to  the  port-channel  interface.  Configuration  changes  applied  to 
the  physical  port  affect  only  the  port  where  you  apply  the  configuration.  To  change  the  parameters  of  all 
ports  in  an  EtherChannel,  apply  configuration  commands  to  the  port-channel  interface,  for  example, 
spanning-tree  commands  or  commands  to  configure  a  Layer  2  EtherChannel  as  a  trunk. 

If  you  do  not  specify  non-silent  with  the  auto  or  desirable  mode,  silent  is  assumed.  The  silent  mode  is 
used  when  the  switch  is  connected  to  a  device  that  is  not  PAgP-capable  and  seldom,  if  ever,  sends 
packets.  A  example  of  a  silent  partner  is  a  file  server  or  a  packet  analyzer  that  is  not  generating  traffic. 
In  this  case,  running  PAgP  on  a  physical  port  prevents  that  port  from  ever  becoming  operational. 
However,  it  allows  PAgP  to  operate,  to  attach  the  port  to  a  channel  group,  and  to  use  the  port  for 
transmission.  Both  ends  of  the  link  cannot  be  set  to  silent. 

In  the  on  mode,  an  EtherChannel  exists  only  when  a  port  group  in  the  on  mode  is  connected  to  another 
port  group  in  the  on  mode. 


You  should  use  care  when  using  the  on  mode.  This  is  a  manual  configuration,  and  ports  on  both  ends  of 
the  EtherChannel  must  have  the  same  configuration.  If  the  group  is  misconfigured,  packet  loss  or 
spanning-tree  loops  can  occur. 


Do  not  configure  an  EtherChannel  in  both  the  PAgP  and  LACP  modes.  EtherChannel  groups  running 
PAgP  and  LACP  can  coexist  on  the  same  switch  or  on  different  switches  in  the  stack  (but  not  in  a 
cross-stack  configuration).  Individual  EtherChannel  groups  can  run  either  PAgP  or  LACP,  but  they 
cannot  interoperate. 

If  you  set  the  protocol  by  using  the  channel-protocol  interface  configuration  command,  the  setting  is 
not  overridden  by  the  channel-group  interface  configuration  command. 

Do  not  configure  a  port  that  is  an  active  or  a  not-yet-active  member  of  an  EtherChannel  as  an 

IEEE  802.  lx  port.  If  you  try  to  enable  IEEE  802.  lx  authentication  on  an  EtherChannel  port,  an  error 

message  appears,  and  IEEE  802.  lx  authentication  is  not  enabled. 

Do  not  configure  a  secure  port  as  part  of  an  EtherChannel  or  an  EtherChannel  port  as  a  secure  port. 
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For  a  complete  list  of  configuration  guidelines,  see  the  "Configuring  EtherChannels"  chapter  in  the 
software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  configure  an  EtherChannel.  It  assigns  two  static-access  ports  in  VLAN  10 

to  channel  5  with  the  PAgP  mode  desirable: 

Switch#  configure  terminal 

Switch (config) #  interface  range  gigabitethernetO/1  -2 

Switch (conf ig-if-range) #  switchport  mode  access 
Switch (conf ig-if-range) #  switchport  access  vlan  10 
Switch (conf ig-if-range) #  channel-group  5  mode  desirable 

Switch (conf ig-if-range) #  end 

This  example  shows  how  to  configure  an  EtherChannel  on  a  single  switch  in  the  stack.  It  assigns  two 
static-access  ports  in  VLAN  10  to  channel  5  with  the  LACP  mode  active: 

Switch#  configure  terminal 

Switch (conf ig) #  interface  range  gigabitethernetO/1  -2 

Switch (conf ig-if-range) #  switchport  mode  access 
Switch (conf ig-if-range) #  switchport  access  vlan  10 
Switch (conf ig-if-range) #  channel-group  5  mode  active 

Switch (conf ig-if-range) #  end 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 


channel-protocol 

Restricts  the  protocol  used  on  a  port  to  manage  channeling. 

interface  port-channel 

Accesses  or  creates  the  port  channel. 

show  etherchannel 

Displays  EtherChannel  information  for  a  channel. 

show  lacp 

Displays  LACP  channel-group  information. 

show  pagp 

Displays  PAgP  channel-group  information. 

show  running-config 

Displays  the  current  operating  configuration.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 

Command  Reference,  Release  12.2  >  File  Management 

Commands  >  Configuration  File  Management  Commands. 
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channel-protocol 


Use  the  channel-protocol  interface  configuration  command  to  restrict  the  protocol  used  on  a  port  to 
manage  channeling.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

channel-protocol  {lacp  I  pagp} 

no  channel-protocol 


Syntax  Description  lacp 


Configure  an  EtherChannel  with  the  Link  Aggregation  Control  Protocol  (LACP). 


pagP 


Configure  an  EtherChannel  with  the  Port  Aggregation  Protocol  (PAgP). 


Defaults 


No  protocol  is  assigned  to  the  EtherChannel. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  the  channel-protocol  command  only  to  restrict  a  channel  to  LACP  or  PAgP.  If  you  set  the  protocol 
by  using  the  channel-protocol  command,  the  setting  is  not  overridden  by  the  channel-group  interface 
configuration  command. 

You  must  use  the  channel-group  interface  configuration  command  to  configure  the  EtherChannel 
parameters.  The  channel-group  command  also  can  set  the  mode  for  the  EtherChannel. 

You  cannot  enable  both  the  PAgP  and  LACP  modes  on  an  EtherChannel  group. 

PAgP  and  LACP  are  not  compatible;  both  ends  of  a  channel  must  use  the  same  protocol. 


Examples  This  example  shows  how  to  specify  LACP  as  the  protocol  that  manages  the  EtherChannel: 

Switch (config-if) #  channel -protocol  lacp 

You  can  verify  your  settings  by  entering  the  show  etherchannel  [channel-group-number]  protocol 
privileged  EXEC  command. 


Related  Commands      Command  Description 


channel-group 

Assigns  an  Ethernet  port  to  an  EtherChannel  group. 

show  etherchannel  protocol 

Displays  protocol  information  the  EtherChannel. 
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class 


Use  the  class  policy-map  configuration  command  to  define  a  traffic  classification  match  criteria  (through 
the  police,  set,  and  trust  policy-map  class  configuration  commands)  for  the  specified  class-map  name. 
Use  the  no  form  of  this  command  to  delete  an  existing  class  map. 

class  class-map-name 

no  class  class-map-name 


Syntax  Description  class-map-name 


Name  of  the  class  map. 


Defaults 


No  policy  map  class-maps  are  defined. 


Command  Modes 


Policy-map  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Before  using  the  class  command,  you  must  use  the  policy-map  global  configuration  command  to 
identify  the  policy  map  and  to  enter  policy-map  configuration  mode.  After  specifying  a  policy  map,  you 
can  configure  a  policy  for  new  classes  or  modify  a  policy  for  any  existing  classes  in  that  policy  map.  You 
attach  the  policy  map  to  a  port  by  using  the  service-policy  interface  configuration  command. 

After  entering  the  class  command,  you  enter  policy-map  class  configuration  mode,  and  these 
configuration  commands  are  available: 

•  exit:  exits  policy-map  class  configuration  mode  and  returns  to  policy-map  configuration  mode. 

•  no:  returns  a  command  to  its  default  setting. 

•  police:  defines  a  policer  or  aggregate  policer  for  the  classified  traffic.  The  policer  specifies  the 
bandwidth  limitations  and  the  action  to  take  when  the  limits  are  exceeded.  For  more  information, 
see  the  police  and  police  aggregate  policy-map  class  commands. 

•  set:  specifies  a  value  to  be  assigned  to  the  classified  traffic.  For  more  information,  see  the  set 
command. 

•  trust:  defines  a  trust  state  for  traffic  classified  with  the  class  or  the  class-map  command.  For  more 
information,  see  the  trust  command. 

To  return  to  policy-map  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode, 
use  the  end  command. 

The  class  command  performs  the  same  function  as  the  class-map  global  configuration  command.  Use 
the  class  command  when  a  new  classification,  which  is  not  shared  with  any  other  ports,  is  needed.  Use 
the  class-map  command  when  the  map  is  shared  among  many  ports. 
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class H 


Examples  This  example  shows  how  to  create  a  policy  map  called  policy  1.  When  attached  to  the  ingress  direction, 

it  matches  all  the  incoming  traffic  defined  in  class  1,  sets  the  IP  Differentiated  Services  Code  Point 
(DSCP)  to  10,  and  polices  the  traffic  at  an  average  rate  of  1  Mb/s  and  bursts  at  20  KB.  Traffic  exceeding 
the  profile  is  marked  down  to  a  DSCP  value  gotten  from  the  policed-DSCP  map  and  then  sent. 

Switch ( config) #  policy-map  policyl 
Switch (conf ig-pmap) #  class  classl 
Switch ( conf ig-pmap-c ) #  set  dscp  10 

Switch ( conf ig-pmap-c ) #  police  1000000  20000  exceed-action  policed-dscp-transmit 

Switch (conf ig-pmap-c) #  exit 

You  can  verify  your  settings  by  entering  the  show  policy-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class-map 

Creates  a  class  map  to  be  used  for  matching  packets  to  the  class  whose  name 

you  specify. 

police 

Defines  a  policer  for  classified  traffic. 

policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple  ports  to 

specify  a  service  policy. 

set 

Classifies  IP  traffic  by  setting  a  DSCP  or  IP-precedence  value  in  the  packet. 

show  policy-map 

Displays  quality  of  service  (QoS)  policy  maps. 

trust 

Defines  a  trust  state  for  the  traffic  classified  through  the  class  policy-map 

configuration  command  or  the  class-map  global  configuration  command. 
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class-map 

Use  the  class-map  global  configuration  command  to  create  a  class  map  to  be  used  for  matching  packets 
to  the  class  name  you  specify  and  to  enter  class-map  configuration  mode.  Use  the  no  form  of  this 
command  to  delete  an  existing  class  map  and  to  return  to  global  configuration  mode. 

class-map  [match-all  I  match-any]  class-map-name 

no  class-map  [match-all  I  match-any]  class-map-name 


Syntax  Description      match-all  (Optional)  Perform  a  logical- AND  of  all  matching  statements  under  this  class 

map.  All  criteria  in  the  class  map  must  be  matched. 

match-any  (Optional)  Perform  a  logical-OR  of  the  matching  statements  under  this  class 

map.  One  or  more  criteria  must  be  matched. 

class-map-name         Name  of  the  class  map. 


Defaults  No  class  maps  are  defined. 

If  neither  the  match-all  or  match-any  keyword  is  specified,  the  default  is  match-all. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Use  this  command  to  specify  the  name  of  the  class  for  which  you  want  to  create  or  modify  class-map 
match  criteria  and  to  enter  class-map  configuration  mode. 

The  class-map  command  and  its  subcommands  are  used  to  define  packet  classification,  marking,  and 
aggregate  policing  as  part  of  a  globally  named  service  policy  applied  on  a  per-port  basis. 

After  you  are  in  quality  of  service  (QoS)  class-map  configuration  mode,  these  configuration  commands 
are  available: 

•  description:  describes  the  class  map  (up  to  200  characters).  The  show  class-map  privileged  EXEC 
command  displays  the  description  and  the  name  of  the  class-map. 

•  exit:  exits  from  QoS  class-map  configuration  mode. 

•  match:  configures  classification  criteria.  For  more  information,  see  the  match  (class-map 
configuration)  command. 

•  no:  removes  a  match  statement  from  a  class  map. 

•  rename:  renames  the  current  class  map.  If  you  rename  a  class  map  with  a  name  that  is  already  used, 

the  message  A  class-map  with  this  name  already  exists  appears. 
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To  define  packet  classification  on  a  physical-port  basis,  only  one  match  command  per  class  map  is 
supported.  In  this  situation,  the  match-all  and  match-any  keywords  are  equivalent. 

Only  one  access  control  list  (ACL)  can  be  configured  in  a  class  map.  The  ACL  can  have  multiple  access 
control  entries  (ACEs). 


Examples  This  example  shows  how  to  configure  the  class  map  called  classl  with  one  match  criterion,  which  is  an 

access  list  called  103: 

Switch (config) #  access-list  103  permit  any  any  dscp  10 

Switch (config) #  class-map  classl 

Switch (conf ig-cmap) #  match  access-group  103 

Switch (conf ig-cmap) #  exit 

This  example  shows  how  to  delete  the  class  map  classl: 

Switch (conf ig) #  no  class-map  classl 

You  can  verify  your  settings  by  entering  the  show  class-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class 

Defines  a  traffic  classification  match  criteria  (through  the  police, 

set,  and  trust  policy-map  class  configuration  commands)  for  the 

specified  class-map  name. 

match  (class-map 

Defines  the  match  criteria  to  classify  traffic. 

configuration) 

policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple 

ports  to  specify  a  service  policy. 

show  class-map 

Displays  QoS  class  maps. 
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clear  dotlx 


Use  the  clear  dotlx  privileged  EXEC  command  to  clear  IEEE  802.  lx  information  for  the  switch  or  for 
the  specified  port. 

clear  dotlx  {all  I  interface  interface-id] 


Syntax  Description      all  Clear  all  IEEE  802.  lx  information  for  the  switch. 

interface  interface-id         Clear  IEEE  802.  lx  information  for  the  specified  interface. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SEE 


Modification 

This  command  was  introduced. 


Usage  Guidelines       You  can  clear  all  the  information  by  using  the  clear  dotlx  all  command,  or  you  can  clear  only  the 
information  for  the  specified  interface  by  using  the  clear  dotlx  interface  interface-id  command. 


Examples  This  example  shows  how  to  clear  all  IEEE  8021.x  information: 

Switch#  clear  dotlx  all 

This  example  shows  how  to  clear  IEEE  8021.x  information  for  the  specified  interface: 

Switch}!  clear  dotlx  Interface  gigabithethernetO/1 

You  can  verify  that  the  information  was  deleted  by  entering  the  show  dotlx  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  dotlx  Displays  IEEE  802.  lx  statistics,  administrative  status,  and  operational 

status  for  the  switch  or  for  the  specified  port. 
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clear  eap  sessions 


Use  the  clear  eap  sessions  privileged  EXEC  command  to  clear  Extensible  Authentication  Protocol 
(EAP)  session  information  for  the  switch  or  for  the  specified  port. 

clear  eap  sessions  [credentials  name  [interface  interface-id]  I  interface  interface-id  I  method 
name  I  transport  name]  [credentials  name  I  interface  interface-id  I  transport  name]  ... 


Syntax  Description 


Defaults 


credentials  name 

Clear  EAP  credential  information  for  the  specified  profile. 

interface  interface-id 

Clear  EAP  information  for  the  specified  interface. 

method  name 

Clear  EAP  information  for  the  specified  method. 

transport  name 

Clear  EAP  transport  information  for  the  specified  lower  level. 

No  default  is  defined. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SEE 

This  command  was  introduced. 

Usage  Guidelines       You  can  clear  all  counters  by  using  the  clear  eap  sessions  command,  or  you  can  clear  only  the  specific 
information  by  using  the  keywords. 


Examples 


This  example  shows  how  to  clear  all  EAP  information: 

Switch#  clear  eap 

This  example  shows  how  to  clear  EAP-session  credential  information  for  the  specified  profile: 

Switch#  clear  eap  sessions  credential  typel 

You  can  verify  that  the  information  was  deleted  by  entering  the  show  dotlx  privileged  EXEC  command. 


Related  Commands  Command 

show  eap 


Description 

Displays  EAP  registration  and  session  information  for  the  switch  or  for 
the  specified  port 
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clear  errdisable  interface 

Use  the  clear  errdisable  interface  privileged  EXEC  command  on  the  switch  stack  or  on  a  standalone 
switch  to  re-enable  a  VLAN  that  was  error  disabled. 

clear  errdisable  interface  interface-id  vlan  [vlan-list] 


Syntax  Description 

vlan  list 

(Optional)  Specify  a  list  of  VLANs  to  be  re-enabled.  If  a  vlan-list  is  not 
specified,  then  all  VLANs  are  re-enabled. 

Command  Default 

No  default  is  defined 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

12.2(37)SE 

Modification 

This  command  was  introduced. 

Usage  Guidelines       You  can  re-enable  a  port  by  using  the  shutdown  and  no  shutdown  interface  configuration  commands, 
or  you  can  clear  error  disable  for  VLANs  by  using  the  clear  errdisable  interface  command. 


Examples  This  example  shows  how  to  re-enable  all  VLANs  that  were  error-disabled  on  port  Gi4/0/2. 

Switch#  clear  errdisable  interface  GigabitEthernet4/0/2  vlan 


Related  Commands      Command  Description 

errdisable  detect  cause  Enables  error-disabled  detection  for  a  specific  cause  or  all 

causes. 

errdisable  recovery  Configures  the  recovery  mechanism  variables. 

show  errdisable  flap-values  Displays  error-disabled  detection  status. 

show  errdisable  recovery  Display  error-disabled  recovery  timer  information. 

show  interfaces  status  err-disabled      Displays  interface  status  of  a  list  of  interfaces  in 

error-disabled  state. 
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clear  ipdhcp  snooping 

Use  the  clear  ip  dhcp  snooping  privileged  EXEC  command  on  the  switch  stack  or  on  a  standalone 
switch  to  clear  the  DHCP  snooping  binding  database,  the  DHCP  snooping  binding  database  agent 
statistics,  or  the  DHCP  snooping  statistics  counters. 

clear  ip  dhcp  snooping  {binding  I  database  statistics  I  statistics} 


Syntax  Description      binding  Clear  the  DHCP  snooping  binding  database. 

database  Clear  the  DHCP  snooping  binding  database  agent  statistics, 
statistics 

statistics  Clear  the  DHCP  snooping  statistics  counter. 


Defaults  No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(37)SE  The  command  was  introduced. 


Usage  Guidelines       When  you  enter  the  clear  ip  dhcp  snooping  database  statistics  command,  the  switch  does  not  update 
the  entries  in  the  binding  database  and  in  the  binding  file  before  clearing  the  statistics. 


Examples  This  example  shows  how  to  clear  the  DHCP  snooping  binding  database  agent  statistics: 

Switch#  clear  ip  dhcp  snooping  database  statistics 

You  can  verify  that  the  statistics  were  cleared  by  entering  the  show  ip  dhcp  snooping  database 
privileged  EXEC  command. 

This  example  shows  how  to  clear  the  DHCP  snooping  statistics  counters: 

Switch*  clear  ip  dhcp  snooping  statistics 

You  can  verify  that  the  statistics  were  cleared  by  entering  the  show  ip  dhcp  snooping  statistics  user 
EXEC  command. 
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Related  Commands      Command  Description 


ip  dhcp  snooping 

Enables  DHCP  snooping  on  a  VLAN. 

show  ip  dhcp  snooping  binding 

Displays  the  status  of  DHCP  snooping  database  agent. 

show  ip  dhcp  snooping  statistics 

Displays  the  DHCP  snooping  statistics. 
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clear  lacp 


Use  the  clear  lacp  privileged  EXEC  command  to  clear  Link  Aggregation  Control  Protocol  (LACP) 
channel-group  counters. 

clear  lacp  {channel- group-number  counters  I  counters} 


Syntax  Description       channel-group-number        (Optional)  Channel  group  number.  The  range  is  1  to  48. 
counters  Clear  traffic  counters. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       You  can  clear  all  counters  by  using  the  clear  lacp  counters  command,  or  you  can  clear  only  the  counters 
for  the  specified  channel  group  by  using  the  clear  lacp  channel-group-number  counters  command. 


Examples 


This  example  shows  how  to  clear  all  channel-group  information: 

Switch#  clear  lacp  counters 

This  example  shows  how  to  clear  LACP  traffic  counters  for  group  4: 

Switch#  clear  lacp  4  counters 

You  can  verify  that  the  information  was  deleted  by  entering  the  show  lacp  counters  or  the  show  lacp  4 
counters  privileged  EXEC  command. 


Related  Commands  Command 

show  lacp 


Description 

Displays  LACP  channel-group  information. 
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clear  mac  address-table 


Syntax  Description 


Use  the  clear  mac  address-table  privileged  EXEC  command  to  delete  from  the  MAC  address  table  a 
specific  dynamic  address,  all  dynamic  addresses  on  a  particular  interface,  or  all  dynamic  addresses  on  a 
particular  VLAN.  This  command  also  clears  the  MAC  address  notification  global  counters. 

clear  mac  address-table  {dynamic  [address  mac-addr  I  interface  interface-id  I  vlan  vlan-id]  I 
notification} 


dynamic 

dynamic  address 

mac-addr 


Delete  all  dynamic  MAC  addresses. 

(Optional)  Delete  the  specified  dynamic  MAC  address. 


dynamic  interface 

interface-id 


(Optional)  Delete  all  dynamic  MAC  addresses  on  the  specified  physical  port 
or  port  channel. 


dynamic  vlan  vlan-id      (Optional)  Delete  all  dynamic  MAC  addresses  for  the  specified  VLAN.  The 
range  is  1  to  4094. 

notification  Clear  the  notifications  in  the  history  table  and  reset  the  counters. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Examples 


This  example  shows  how  to  remove  a  specific  MAC  address  from  the  dynamic  address  table: 

Switch*  clear  mac  address-table  dynamic  address  0008.0070.0007 

You  can  verify  that  the  information  was  deleted  by  entering  the  show  mac  address-table  privileged 
EXEC  command. 


Related  Commands 


Command 

mac  address-table  notification 


Description 

Enables  the  MAC  address  notification  feature. 


show  mac  address-table 


Displays  the  MAC  address  table  static  and  dynamic  entries. 


show  mac  address-table  notification 


Displays  the  MAC  address  notification  settings  for  all 
interfaces  or  the  specified  interface. 


snmp  trap  mac-notification 


Enables  the  Simple  Network  Management  Protocol  (SNMP) 
MAC  address  notification  trap  on  a  specific  interface. 
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clear  mac  address-table  move  update 


Use  the  clear  mac  address-table  move  update  privileged  EXEC  command  to  clear  the  mac 
address-table-move  update-related  counters. 

clear  mac  address-table  move  update 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SED 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  clear  the  mac  address-table  move  update  related  counters. 

Switch#  clear  mac  address-table  move  update 

You  can  verify  that  the  information  was  cleared  by  entering  the  show  mac  address-table  move  update 

privileged  EXEC  command. 


Related  Commands  Command 


mac  address-table  move  update 
(receive  I  transmit) 


Description 

Configures  MAC  address-table  move  update  on  the  switch. 


show  mac  address-table  move  update  Displays  the  MAC  address-table  move  update  information  on 

the  switch. 
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clear  pagp 


Use  the  clear  pagp  privileged  EXEC  command  to  clear  Port  Aggregation  Protocol  (PAgP) 
channel-group  information. 

clear  pagp  { channel-group-number  counters  I  counters } 


Syntax  Description       channel-group-number        (Optional)  Channel  group  number.  The  range  is  1  to  48. 
counters  Clear  traffic  counters. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       You  can  clear  all  counters  by  using  the  clear  pagp  counters  command,  or  you  can  clear  only  the  counters 
for  the  specified  channel  group  by  using  the  clear  pagp  channel-group-number  counters  command. 


Examples 


This  example  shows  how  to  clear  all  channel-group  information: 

Switch#  clear  pagp  counters 

This  example  shows  how  to  clear  PAgP  traffic  counters  for  group  10: 

Switch#  clear  pagp  10  counters 

You  can  verify  that  information  was  deleted  by  entering  the  show  pagp  privileged  EXEC  command. 


Related  Commands  Command 

show  pagp 


Description 

Displays  PAgP  channel-group  information. 
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clear  port-security 

Use  the  clear  port-security  privileged  EXEC  command  to  delete  from  the  MAC  address  table  all  secure 
addresses  or  all  secure  addresses  of  a  specific  type  (configured,  dynamic,  or  sticky)  on  the  switch  or  on 
an  interface. 

clear  port-security  {all  I  configured  I  dynamic  I  sticky}  [[address  mac-addr  I  interface 
interface-id]  [vlan  {vlan-id  I  {access  I  voice}}]] 


Syntax  Description      all  Delete  all  secure  MAC  addresses. 


configured 

Delete  configured  secure  MAC  addresses. 

dynamic 

Delete  secure  MAC  addresses  auto-learned  by  hardware. 

sticky 

Delete  secure  MAC  addresses,  either  auto-learned  or  configured. 

address  mac-addr 

(Optional)  Delete  the  specified  dynamic  secure  MAC  address. 

interface  interface-id 

(Optional)  Delete  all  the  dynamic  secure  MAC  addresses  on  the  specified 

physical  port  or  VLAN. 

vlan  (Optional)  Delete  the  specified  secure  MAC  address  from  the  specified 


VLAN.  Enter  one  of  these  options  after  you  enter  the  vlan  keyword: 

•  vlan-id — On  a  trunk  port,  specify  the  VLAN  ID  of  the  VLAN  on  which 
this  address  should  be  cleared. 

•  access — On  an  access  port,  clear  the  specified  secure  MAC  address  on 
the  access  VLAN. 

•  voice — On  an  access  port,  clear  the  specified  secure  MAC  address  on  the 
voice  VLAN. 

Note     The  voice  keyword  is  available  only  if  voice  VLAN  is  configured  on 
a  port  and  if  that  port  is  not  the  access  VLAN. 


Defaults  No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History 

Examples  This  example  shows  how  to  clear  all  secure  addresses  from  the  MAC  address  table: 

Switch#  clear  port-security  all 

This  example  shows  how  to  remove  a  specific  configured  secure  address  from  the  MAC  address  table: 

Switch#  clear  port-security  configured  address  0008.0070.0007 

This  example  shows  how  to  remove  all  the  dynamic  secure  addresses  learned  on  a  specific  interface: 

Switch#  clear  port-security  dynamic  interface  gigabitethernetO/1 
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This  example  shows  how  to  remove  all  the  dynamic  secure  addresses  from  the  address  table: 

Switch#  clear  port-security  dynamic 

You  can  verify  that  the  information  was  deleted  by  entering  the  show  port-security  privileged  EXEC 
command. 


Related  Commands      Command  Description 


switchport  port-security 

Enables  port  security  on  an  interface. 

switchport  port-security 

Configures  secure  MAC  addresses. 

mac-address  mac-address 

switchport  port-security  maximum 

Configures  a  maximum  number  of  secure  MAC  addresses  on  a 

value 

secure  interface. 

show  port-security 

Displays  the  port  security  settings  defined  for  an  interface  or  for 

the  switch. 
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clear  spanning-tree  counters 


Use  the  clear  spanning-tree  counters  privileged  EXEC  command  to  clear  the  spanning-tree  counters, 
clear  spanning-tree  counters  [interface  interface-id] 


Syntax  Description     interface  interface-id      (Optional)  Clear  all  spanning-tree  counters  on  the  specified  interface.  Valid 

interfaces  include  physical  ports,  VLANs,  and  port  channels.  The  VLAN 
range  is  1  to  4094.  The  port-channel  range  is  1  to  48. 


Defaults  No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        If  the  interface-id  is  not  specified,  spanning-tree  counters  are  cleared  for  all  interfaces. 


Examples  This  example  shows  how  to  clear  spanning-tree  counters  for  all  interfaces: 

Switch#  clear  spanning-tree  counters 


Related  Commands      Command  Description 


show  spanning-tree       Displays  spanning-tree  state  information. 
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clear  spanning-tree  detected-protocols 


Use  the  clear  spanning-tree  detected-protocols  privileged  EXEC  command  to  restart  the  protocol 
migration  process  (force  the  renegotiation  with  neighboring  switches)  on  all  interfaces  or  on  the 
specified  interface. 

clear  spanning-tree  detected-protocols  [interface  interface-id] 


Syntax  Description       interface  interface-id        (Optional)  Restart  the  protocol  migration  process  on  the  specified  interface. 

Valid  interfaces  include  physical  ports,  VLANs,  and  port  channels.  The 
VLAN  range  is  1  to  4094.  The  port-channel  range  is  1  to  48. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


A  switch  running  the  rapid  per- VLAN  spanning-tree  plus  (rapid-PVST+)  protocol  or  the  Multiple 
Spanning  Tree  Protocol  (MSTP)  supports  a  built-in  protocol  migration  mechanism  that  enables  it  to 
interoperate  with  legacy  IEEE  802.  ID  switches.  If  a  rapid-PVST+  switch  or  an  MSTP  switch  receives  a 
legacy  IEEE  802. ID  configuration  bridge  protocol  data  unit  (BPDU)  with  the  protocol  version  set  to  0, 
it  sends  only  IEEE  802.  ID  BPDUs  on  that  port.  A  multiple  spanning-tree  (MST)  switch  can  also  detect 
that  a  port  is  at  the  boundary  of  a  region  when  it  receives  a  legacy  BPDU,  an  MST  BPDU  (Version  3) 
associated  with  a  different  region,  or  a  rapid  spanning-tree  (RST)  BPDU  (Version  2). 

However,  the  switch  does  not  automatically  revert  to  the  rapid-PVST+  or  the  MSTP  mode  if  it  no  longer 
receives  IEEE  802.  ID  BPDUs  because  it  cannot  learn  whether  the  legacy  switch  has  been  removed  from 
the  link  unless  the  legacy  switch  is  the  designated  switch.  Use  the  clear  spanning-tree 
detected-protocols  command  in  this  situation. 


Examples 


This  example  shows  how  to  restart  the  protocol  migration  process  on  a  port: 

Switch#  clear  spanning-tree  detected-protocols  interface  gigabitethernetO/1 


Related  Commands 


Command 

show  spanning-tree 


Description 

Displays  spanning-tree  state  information. 


spanning-tree  link-type 


Overrides  the  default  link-type  setting  and  enables  rapid  spanning-tree 
changes  to  the  forwarding  state. 
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clear  vmps  statistics 


Use  the  clear  vmps  statistics  privileged  EXEC  command  to  clear  the  statistics  maintained  by  the  VLAN 
Query  Protocol  (VQP)  client. 

clear  vmps  statistics 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  clear  VLAN  Membership  Policy  Server  (VMPS)  statistics: 

Switch#  clear  vmps  statistics 

You  can  verify  that  information  was  deleted  by  entering  the  show  vmps  statistics  privileged  EXEC 
command. 


Related  Commands  Command 

show  vmps 


Description 

Displays  the  VQP  version,  reconfirmation  interval,  retry  count,  VMPS  IP 
addresses,  and  the  current  and  primary  servers. 
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clear  vtp  counters 


Use  the  clear  vtp  counters  privileged  EXEC  command  to  clear  the  VLAN  Trunking  Protocol  (VTP)  and 
pruning  counters. 

clear  vtp  counters 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  clear  the  VTP  counters: 

Switch#  clear  vtp  counters 

You  can  verify  that  information  was  deleted  by  entering  the  show  vtp  counters  privileged  EXEC 
command. 


Related  Commands  Command 

show  vtp 


Description 

Displays  general  information  about  the  VTP  management  domain,  status, 
and  counters. 
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cluster  commander-address 

You  do  not  need  to  enter  this  command. The  cluster  command  switch  automatically  provides  its  MAC 
address  to  cluster  member  switches  when  these  switches  join  the  cluster.  The  cluster  member  switch 
adds  this  information  and  other  cluster  information  to  its  running  configuration  file.  Use  the  no  form  of 
this  global  configuration  command  from  the  cluster  member  switch  console  port  to  remove  the  switch 
from  a  cluster  only  during  debugging  or  recovery  procedures. 

cluster  commander-address  mac-address  [member  number  name  name] 

no  cluster  commander-address 


Syntax  Description       mac-address  MAC  address  of  the  cluster  command  switch. 


member  number 

(Optional)  Number  of  a  configured  cluster  member  switch.  The  range  is  0 

to  15. 

name  name 

(Optional)  Name  of  the  configured  cluster  up  to  31  characters. 

Defaults  The  switch  is  not  a  member  of  any  cluster. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       This  command  is  available  only  on  the  cluster  command  switch. 

A  cluster  member  can  have  only  one  cluster  command  switch. 

The  cluster  member  switch  retains  the  identity  of  the  cluster  command  switch  during  a  system  reload  by 
using  the  mac-address  parameter. 

You  can  enter  the  no  form  on  a  cluster  member  switch  to  remove  it  from  the  cluster  during  debugging  or 
recovery  procedures.  You  would  normally  use  this  command  from  the  cluster  member  switch  console 
port  only  when  the  member  has  lost  communication  with  the  cluster  command  switch.  With  normal 
switch  configuration,  we  recommend  that  you  remove  cluster  member  switches  only  by  entering  the  no 
cluster  member  n  global  configuration  command  on  the  cluster  command  switch. 

When  a  standby  cluster  command  switch  becomes  active  (becomes  the  cluster  command  switch),  it 
removes  the  cluster  commander  address  line  from  its  configuration. 
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Examples 


This  is  partial  sample  output  from  the  running  configuration  of  a  cluster  member. 


Switch (config) #  show  running-configuration 

<output  truncated> 

cluster  commander-address  00e0.9bc0.a500  member  4  name  my_cluster 
<output  truncated> 

This  example  shows  how  to  remove  a  member  from  the  cluster  by  using  the  cluster  member  console. 

Switch  #  configure  terminal 

Enter  configuration  commands,   one  per  line.     End  with  CNTL/Z. 
Switch (config) #  no  cluster  commander-address 

You  can  verify  your  settings  by  entering  the  show  cluster  privileged  EXEC  command. 


Related  Commands 


Command 


Description 


show  cluster 


Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 
belongs. 
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cluster  discovery  hop-count 

Use  the  cluster  discovery  hop-count  global  configuration  command  on  the  cluster  command  switch  to 
set  the  hop-count  limit  for  extended  discovery  of  candidate  switches.  Use  the  no  form  of  this  command 
to  return  to  the  default  setting. 

cluster  discovery  hop-count  number 

no  cluster  discovery  hop-count 


Syntax  Description       number  Number  of  hops  from  the  cluster  edge  that  the  cluster  command  switch  limits 

the  discovery  of  candidates.  The  range  is  1  to  7. 


Defaults  The  hop  count  is  set  to  3. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        This  command  is  available  only  on  the  cluster  command  switch.  This  command  does  not  operate  on 
cluster  member  switches. 

If  the  hop  count  is  set  to  1,  it  disables  extended  discovery.  The  cluster  command  switch  discovers  only 
candidates  that  are  one  hop  from  the  edge  of  the  cluster.  The  edge  of  the  cluster  is  the  point  between  the 
last  discovered  cluster  member  switch  and  the  first  discovered  candidate  switch. 


Examples  This  example  shows  how  to  set  hop  count  limit  to  4.  This  command  is  executed  on  the  cluster  command 

switch. 

Switch (config) #  cluster  discovery  hop-count  4 

You  can  verify  your  setting  by  entering  the  show  cluster  privileged  EXEC  command. 
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Related  Commands      Command  Description 


show  cluster 

Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the 

switch  belongs. 

show  cluster  candidates 

Displays  a  list  of  candidate  switches. 
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cluster  enable 


Use  the  cluster  enable  global  configuration  command  on  a  command-capable  switch  to  enable  it  as  the 
cluster  command  switch,  assign  a  cluster  name,  and  to  optionally  assign  a  member  number  to  it.  Use  the 
no  form  of  the  command  to  remove  all  members  and  to  make  the  cluster  command  switch  a  candidate 
switch. 

cluster  enable  name  [command-switch-member-number] 
no  cluster  enable 


Syntax  Description 


name 


Name  of  the  cluster  up  to  31  characters.  Valid  characters  include 
only  alphanumerics,  dashes,  and  underscores. 


command- switch-member-number 


(Optional)  Assign  a  member  number  to  the  cluster  command 
switch  of  the  cluster.  The  range  is  0  to  15. 


Defaults 


The  switch  is  not  a  cluster  command  switch. 
No  cluster  name  is  defined. 

The  member  number  is  0  when  the  switch  is  the  cluster  command  switch. 


Command  Modes 


Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Enter  this  command  on  any  command-capable  switch  that  is  not  part  of  any  cluster.  This  command  fails 
if  a  device  is  already  configured  as  a  member  of  the  cluster. 

You  must  name  the  cluster  when  you  enable  the  cluster  command  switch.  If  the  switch  is  already 
configured  as  the  cluster  command  switch,  this  command  changes  the  cluster  name  if  it  is  different  from 
the  previous  cluster  name. 


Examples 


This  example  shows  how  to  enable  the  cluster  command  switch,  name  the  cluster,  and  set  the  cluster 
command  switch  member  number  to  4. 

Switch(conf ig) #  cluster  enable  Engineering- IDF4  4 

You  can  verify  your  setting  by  entering  the  show  cluster  privileged  EXEC  command  on  the  cluster 
command  switch. 
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Related  Commands      Command  Description 


show  cluster  Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 

belongs. 
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cluster  holdtime 


Use  the  cluster  holdtime  global  configuration  command  to  set  the  duration  in  seconds  before  a  switch 
(either  the  command  or  cluster  member  switch)  declares  the  other  switch  down  after  not  receiving 
heartbeat  messages.  Use  the  no  form  of  this  command  to  set  the  duration  to  the  default  value. 

cluster  holdtime  holdtime-in-secs 

no  cluster  holdtime 


Syntax  Description 


holdtime-in-secs 


Duration  in  seconds  before  a  switch  (either  a  command  or  cluster  member 
switch)  declares  the  other  switch  down.  The  range  is  1  to  300  seconds. 


Defaults 


The  default  holdtime  is  80  seconds. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Enter  this  command  with  the  cluster  timer  global  configuration  command  only  on  the  cluster  command 
switch.  The  cluster  command  switch  propagates  the  values  to  all  its  cluster  members  so  that  the  setting 
is  consistent  among  all  switches  in  the  cluster. 

The  holdtime  is  typically  set  as  a  multiple  of  the  interval  timer  (cluster  timer).  For  example,  it  takes 
(holdtime-in-secs  divided  by  the  interval-in-secs)  number  of  heartbeat  messages  to  be  missed  in  a  row 
to  declare  a  switch  down. 


Examples 


This  example  shows  how  to  change  the  interval  timer  and  the  duration  on  the  cluster  command  switch. 

Switch (config) #  cluster  timer  3 
Switch (config) #  cluster  holdtime  30 

You  can  verify  your  settings  by  entering  the  show  cluster  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  cluster 


Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 
belongs. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


2-57 


II cluster  member 


Chapter  2     CGESM  Switch  Cisco  IPS  Commands  | 


cluster  member 


Use  the  cluster  member  global  configuration  command  on  the  cluster  command  switch  to  add 
candidates  to  a  cluster.  Use  the  no  form  of  the  command  to  remove  members  from  the  cluster. 

cluster  member  [n]  mac-address  H.H.H  [password  enable-password]  [vlan  vlan-id] 

no  cluster  member  n 


Syntax  Description 


n 


mac-address  H.H.H 


The  number  that  identifies  a  cluster  member.  The  range  is  0  to  15. 


MAC  address  of  the  cluster  member  switch  in  hexadecimal  format. 


password  enable-password 


vlan  vlan-id 


Enable  password  of  the  candidate  switch.  The  password  is  not 
required  if  there  is  no  password  on  the  candidate  switch. 

(Optional)  VLAN  ID  through  which  the  candidate  is  added  to  the 
cluster  by  the  cluster  command  switch.  The  range  is  1  to  4094. 


Defaults 


A  newly  enabled  cluster  command  switch  has  no  associated  cluster  members. 


Command  Modes 


Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Enter  this  command  only  on  the  cluster  command  switch  to  add  a  candidate  to  or  remove  a  member  from 
the  cluster.  If  you  enter  this  command  on  a  switch  other  than  the  cluster  command  switch,  the  switch 
rejects  the  command  and  displays  an  error  message. 

You  must  enter  a  member  number  to  remove  a  switch  from  the  cluster.  However,  you  do  not  need  to  enter 
a  member  number  to  add  a  switch  to  the  cluster.  The  cluster  command  switch  selects  the  next  available 
member  number  and  assigns  it  to  the  switch  that  is  joining  the  cluster. 

You  must  enter  the  enable  password  of  the  candidate  switch  for  authentication  when  it  joins  the  cluster. 
The  password  is  not  saved  in  the  running  or  startup  configuration.  After  a  candidate  switch  becomes  a 
member  of  the  cluster,  its  password  becomes  the  same  as  the  cluster  command-switch  password. 

If  a  switch  does  not  have  a  configured  hostname,  the  cluster  command  switch  appends  a  member  number 
to  the  cluster  command-switch  hostname  and  assigns  it  to  the  cluster  member  switch. 

If  you  do  not  specify  a  VLAN  ID,  the  cluster  command  switch  automatically  chooses  a  VLAN  and  adds 
the  candidate  to  the  cluster. 
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Examples  This  example  shows  how  to  add  a  switch  as  member  2  with  MAC  address  00E0.1E00.2222  and  the 

password  key  to  a  cluster.  The  cluster  command  switch  adds  the  candidate  to  the  cluster  through 
VLAN  3. 

Switch (config) #  cluster  member  2  mac-address  00E0 . 1E00 . 2222  password  key  vlan  3 

This  example  shows  how  to  add  a  switch  with  MAC  address  OOE0.1E00.3333  to  the  cluster.  This  switch 
does  not  have  a  password.  The  cluster  command  switch  selects  the  next  available  member  number  and 
assigns  it  to  the  switch  that  is  joining  the  cluster. 

Switch (config) #  cluster  member  mac-address  00E0 . 1E00 . 3333 

You  can  verify  your  settings  by  entering  the  show  cluster  members  privileged  EXEC  command  on  the 
cluster  command  switch. 


Related  Commands      Command  Description 


show  cluster 

Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the 

switch  belongs. 

show  cluster  candidates 

Displays  a  list  of  candidate  switches. 

show  cluster  members 

Displays  information  about  the  cluster  members. 
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cluster  outside-interface 


Use  the  cluster  outside-interface  global  configuration  command  on  the  switch  stack  or  on  the  a  cluster 
command  switch  to  configure  the  outside  interface  for  cluster  Network  Address  Translation  (NAT)  so  that 
a  member  without  an  IP  address  can  communicate  with  devices  outside  the  cluster.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting. 

cluster  outside-interface  interface-id 

no  cluster  outside-interface 


Syntax  Description  interface-id 


Interface  to  serve  as  the  outside  interface.  Valid  interfaces  include 
physical  interfaces,  port-channels,  or  VLANs.  The  port-channel 
range  is  1  to  48.  The  VLAN  range  is  1  to  4094. 


Defaults 


The  default  outside  interface  is  automatically  selected  by  the  cluster  command  switch. 


Command  Modes 


Global  configuration 


Usage  Guidelines 


Enter  this  command  only  on  the  cluster  command  switch.  If  you  enter  this  command  on  a  cluster  member 
switch,  an  error  message  appears. 


Examples 


This  example  shows  how  to  set  the  outside  interface  to  VLAN  1: 

Switch (config) #  cluster  outside-interface  vlan  1 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands 


Command 

show  running-config 


Description 

Displays  the  current  operating  configuration.  For  syntax  information, 
select  the  Cisco  IOS  Configuration  Fundamentals  Command 
Reference,  Release  12.2  >  File  Management  Commands  > 
Configuration  File  Management  Commands. 
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cluster  run 


Use  the  cluster  run  global  configuration  command  to  enable  clustering  on  a  switch.  Use  the  no  form  of 
this  command  to  disable  clustering  on  a  switch. 

cluster  run 

no  cluster  run 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Clustering  is  enabled  on  all  switches. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


When  you  enter  the  no  cluster  run  command  on  a  cluster  command  switch,  the  cluster  command  switch 
is  disabled.  Clustering  is  disabled,  and  the  switch  cannot  become  a  candidate  switch. 

When  you  enter  the  no  cluster  run  command  on  a  cluster  member  switch,  it  is  removed  from  the  cluster. 
Clustering  is  disabled,  and  the  switch  cannot  become  a  candidate  switch. 

When  you  enter  the  no  cluster  run  command  on  a  switch  that  is  not  part  of  a  cluster,  clustering  is 
disabled  on  this  switch.  This  switch  cannot  then  become  a  candidate  switch. 


Examples 


This  example  shows  how  to  disable  clustering  on  the  cluster  command  switch: 

Switch (config) #  no  cluster  run 

You  can  verify  your  setting  by  entering  the  show  cluster  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  cluster 


Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 
belongs. 
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cluster  standby-group 


Use  the  cluster  standby-group  global  configuration  command  to  enable  cluster  command-switch 
redundancy  by  binding  the  cluster  to  an  existing  Hot  Standby  Router  Protocol  (HSRP).  Entering  the 
routing-redundancy  keyword  enables  the  same  HSRP  group  to  be  used  for  cluster  command-switch 
redundancy  and  routing  redundancy.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

cluster  standby-group  HSRP-group-name  [routing-redundancy] 

no  cluster  standby-group 


Syntax  Description  HSRP-group-name 


routing-redundancy 


Name  of  the  HSRP  group  that  is  bound  to  the  cluster.  The  group  name  is 
limited  to  32  characters. 

(Optional)  Enable  the  same  HSRP  standby  group  to  be  used  for  cluster 
command-switch  redundancy  and  routing  redundancy. 


Defaults 


The  cluster  is  not  bound  to  any  HSRP  group. 


Command  Modes 


Global  configuration 


Command  History 


Release 


Modification 


Usage  Guidelines 


Enter  this  command  only  on  the  cluster  command  switch.  If  you  enter  it  on  a  cluster  member  switch,  an 
error  message  appears. 

The  cluster  command  switch  propagates  the  cluster-HSRP  binding  information  to  all  cluster-HSRP 
capable  members.  Each  cluster  member  switch  stores  the  binding  information  in  its  NVRAM.  The  HSRP 
group  name  must  be  a  valid  standby  group;  otherwise,  the  command  exits  with  an  error. 

The  same  group  name  should  be  used  on  all  members  of  the  HSRP  standby  group  that  is  to  be  bound  to 
the  cluster.  The  same  HSRP  group  name  should  also  be  used  on  all  cluster-HSRP  capable  members  for 
the  HSRP  group  that  is  to  be  bound.  (When  not  binding  a  cluster  to  an  HSRP  group,  you  can  use  different 
names  on  the  cluster  commander  and  the  members.) 


Examples 


This  example  shows  how  to  bind  the  HSRP  group  named  my_hsrp  to  the  cluster.  This  command  is 
executed  on  the  cluster  command  switch. 

Switch(conf ig) #  cluster  standby-group  my_hsrp 

This  example  shows  how  to  use  the  same  HSRP  group  named  my_hsrp  for  routing  redundancy  and 
cluster  redundancy. 

Switch (config) #  cluster  standby -group  my_hsrp  routing-redundancy 
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This  example  shows  the  error  message  when  this  command  is  executed  on  a  cluster  command  switch  and 
the  specified  HSRP  standby  group  does  not  exist: 

Switch (config) #  cluster  standby -group  my_hsrp 

%ERROR:   Standby   (my_hsrp)   group  does  not  exist 

This  example  shows  the  error  message  when  this  command  is  executed  on  a  cluster  member  switch: 

Switch (config) #  cluster  standby-group  my_hsrp  routing-redundancy 

%ERROR:   This  command  runs  on  a  cluster  command  switch 

You  can  verify  your  settings  by  entering  the  show  cluster  privileged  EXEC  command.  The  output  shows 
whether  redundancy  is  enabled  in  the  cluster. 


Related  Commands      Command  Description 

standby  ip  Enables  HSRP  on  the  interface.  For  syntax  information,  select  Cisco  IOS  IP 

Command  Reference,  Volume  1  of  3:Addressing  and  Services,  Release 
12.2  >  IP  Services  Commands. 

show  cluster  Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 

belongs. 

show  standby  Displays  standby  group  information.  For  syntax  information,  select  Cisco 

IOS  IP  Command  Reference,  Volume  1  of  3:Addressing  and  Services, 
Release  12.2  >  IP  Services  Commands. 
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cluster  timer 

Use  the  cluster  timer  global  configuration  command  to  set  the  interval  in  seconds  between  heartbeat 
messages.  Use  the  no  form  of  this  command  to  set  the  interval  to  the  default  value. 

cluster  timer  interval-in-secs 

no  cluster  timer 


Syntax  Description       interval-in-secs  Interval  in  seconds  between  heartbeat  messages.  The  range  is  1  to  300 

seconds. 


Defaults  The  interval  is  8  seconds. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 


Usage  Guidelines       Enter  this  command  with  the  cluster  holdtime  global  configuration  command  only  on  the  cluster 

command  switch.  The  cluster  command  switch  propagates  the  values  to  all  its  cluster  members  so  that 
the  setting  is  consistent  among  all  switches  in  the  cluster. 

The  holdtime  is  typically  set  as  a  multiple  of  the  heartbeat  interval  timer  (cluster  timer).  For  example, 
it  takes  (holdtime-in-secs  divided  by  the  interval-in-secs)  number  of  heartbeat  messages  to  be  missed  in 
a  row  to  declare  a  switch  down. 


Examples  This  example  shows  how  to  change  the  heartbeat  interval  timer  and  the  duration  on  the  cluster  command 

switch: 

Switch(conf ig) #  cluster  timer  3 
Switch (config) #  cluster  holdtime  30 

You  can  verify  your  settings  by  entering  the  show  cluster  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  cluster  Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the  switch 

belongs. 
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define  interface-range 

Use  the  define  interface-range  global  configuration  command  to  create  an  interface-range  macro.  Use 
the  no  form  of  this  command  to  delete  the  defined  macro. 

define  interface-range  macro-name  interface-range 

no  define  interface-range  macro-name  interface-range 

Syntax  Description       macro-name  Name  of  the  interface-range  macro;  up  to  32  characters. 

interface-range       Interface  range;  for  valid  values  for  interface  ranges,  see  "Usage  Guidelines." 


Defaults  This  command  has  no  default  setting. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  macro  name  is  a  32-character  maximum  character  string. 
A  macro  can  contain  up  to  five  ranges. 

All  interfaces  in  a  range  must  be  the  same  type;  that  is,  all  Gigabit  Ethernet  ports,  all  EtherChannel  ports, 
or  all  VLANs,  but  you  can  combine  multiple  interface  types  in  a  macro. 

When  entering  the  interface-range,  use  this  format: 

•  type  {first-interface}  -  {last-interface} 

•  You  must  add  a  space  between  the  first  interface  number  and  the  hyphen  when  entering  an 
interface-range.  For  example,  gigabitethernet  0/1  -  2  is  a  valid  range;  gigabitethernet  0/1-2  is  not 

a  valid  range 

Valid  values  for  type  and  interface: 

•  vlan  vlan-id,  where  the  VLAN  ID  is  1  to  4094 

X   

Note     Though  options  exist  in  the  command-line  interface  to  set  multiple  VLAN  IDs,  it  is  not 
supported. 


VLAN  interfaces  must  have  been  configured  with  the  interface  vlan  command  (the  show 
running-config  privileged  EXEC  command  displays  the  configured  VLAN  interfaces).  VLAN 
interfaces  not  displayed  by  the  show  running-config  command  cannot  be  used  in  interface-ranges. 

•  port-channel  port-channel-number,  where  port-channel-number  is  from  1  to  48 

•  gigabitethernet  module/ {first port}  -  {last port} 
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For  physical  interfaces: 

•  module  is  always  0. 

•  the  range  is  type  Qlnumber  -  number  (for  example,  gigabitethernet  0/1  -  2). 
When  you  define  a  range,  you  must  enter  a  space  before  the  hyphen  (-),  for  example: 
gigabitethernetO/1  -  2 

You  can  also  enter  multiple  ranges.  When  you  define  multiple  ranges,  you  must  enter  a  space  after  the 
first  entry  before  the  comma  (,).  The  space  after  the  comma  is  optional,  for  example: 


Examples  This  example  shows  how  to  create  a  multiple-interface  macro: 

Switch ( config) #  define  interface-range  macrol  gigabitethernetO/1  -  2, 
gigabitethernetO/5  -  7 


Related  Commands      Command  Description 

interface  range  Executes  a  command  on  multiple  ports  at  the  same  time. 

show  running-config  Displays  the  current  operating  configuration,  including  defined 

macros.  For  syntax  information,  select  Cisco  IOS  Configuration 
Fundamentals  Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 
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delete 

Use  the  delete  privileged  EXEC  command  to  delete  a  file  or  directory  on  the  flash  memory  device, 
delete  [/force]  [/recursive]  filesystem:lfile-url 

Syntax  Description      /force  (Optional)  Suppress  the  prompt  that  confirms  the  deletion. 


/recursive 

(Optional)  Delete  the  named  directory  and  all  subdirectories  and  the  files  contained  in 
it. 

file  system: 

Alias  for  a  flash  file  system. 

The  syntax  for  the  local  flash  file  system: 

flash: 

Ifile-url 

The  path  (directory)  and  filename  to  delete. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        If  you  use  the  /force  keyword,  you  are  prompted  once  at  the  beginning  of  the  deletion  process  to  confirm 
the  deletion. 

If  you  use  the  /recursive  keyword  without  the  /force  keyword,  you  are  prompted  to  confirm  the  deletion 
of  every  file. 

The  prompting  behavior  depends  on  the  setting  of  the  file  prompt  global  configuration  command.  By 
default,  the  switch  prompts  for  confirmation  on  destructive  file  operations.  For  more  information  about 
this  command,  see  the  Cisco  IOS  Command  Reference,  Release  12.2. 


Examples  This  example  shows  how  to  remove  the  directory  that  contains  the  old  software  image  after  a  successful 

download  of  a  new  image: 

Switch#  delete  /force  /recursive  flash: /old-image 

You  can  verify  that  the  directory  was  removed  by  entering  the  dir  filesystem:  privileged  EXEC 
command. 


Related  Commands      Command  Description 

archive  download-sw     Downloads  a  new  image  to  the  switch  and  overwrites  or  keeps  the  existing 
image. 
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deny  (MAC  access-list  configuration) 

Use  the  deny  MAC  access-list  configuration  command  to  prevent  non-IP  traffic  from  being  forwarded 
if  the  conditions  are  matched.  Use  the  no  form  of  this  command  to  remove  a  deny  condition  from  the 
named  MAC  access  list. 

{deny  I  permit}  {any  I  host  src-MAC-addr  I  src-MAC-addr  mask}  {any  I  host  dst-MAC-addr  I 
dst-MAC-addr  mask}  [type  mask  I  aarp  I  amber  I  cos  cos  I  dec-spanning  I  decnet-iv  I 
diagnostic  I  dsm  I  etype-6000  I  etype-8042  I  lat  I  lavc-sca  I  lsap  Isap  mask  Imop-console  I 
mop-dump  I  msdos  I  mumps  I  netbios  I  vines-echo  I  vines-ip  I  xns-idp] 

no  {deny  I  permit}  {any  I  host  src-MAC-addr  I  src-MAC-addr  mask}  {any  I  host  dst-MAC-addr  I 
dst-MAC-addr  mask}  [type  mask  I  aarp  I  amber  I  cos  cos  I  dec-spanning  I  decnet-iv  I 
diagnostic  I  dsm  I  etype-6000  I  etype-8042  I  lat  I  lavc-sca  I  lsap  lsap  mask  I  mop-console  I 
mop-dump  I  msdos  I  mumps  I  netbios  I  vines-echo  I  vines-ip  I  xns-idp] 


Syntax  Description      any  Keyword  to  specify  to  deny  any  source  or  destination  MAC  address. 

host  src  MAC-addr  I  Define  a  host  MAC  address  and  optional  subnet  mask.  If  the  source 

src-MAC-addr  mask  address  for  a  packet  matches  the  defined  address,  non-IP  traffic  from  that 

address  is  denied. 

host  dst-MAC-addr  I  Define  a  destination  MAC  address  and  optional  subnet  mask.  If  the 

dst-MAC-addr  mask  destination  address  for  a  packet  matches  the  defined  address,  non-IP 

traffic  to  that  address  is  denied. 

type  mask  (Optional)  Use  the  Ethertype  number  of  a  packet  with  Ethernet  II  or 

SNAP  encapsulation  to  identify  the  protocol  of  the  packet. 

The  type  is  0  to  65535,  specified  in  hexadecimal. 


The  mask  is  a  mask  of  don't  care  bits  applied  to  the  Ethertype  before 
testing  for  a  match. 


aarp 

(Optional)  Select  Ethertype  AppleTalk  Address  Resolution  Protocol  that 

maps  a  data-link  address  to  a  network  address. 

amber 

(Optional)  Select  EtherType  DEC-Amber. 

cos  cos 

(Optional)  Select  a  class  of  service  (CoS)  number  from  0  to  7  to  set 

priority.  Filtering  on  CoS  can  be  performed  only  in  hardware.  A  warning 

message  reminds  the  user  if  the  cos  option  is  configured. 

dec-spanning 

(Optional)  Select  EtherType  Digital  Equipment  Corporation  (DEC) 

spanning  tree. 

decnet-iv 

(Optional)  Select  EtherType  DECnet  Phase  IV  protocol. 

diagnostic 

(Optional)  Select  EtherType  DEC-Diagnostic. 

dsm 

(Optional)  Select  EtherType  DEC-DSM. 

etype-6000 

(Optional)  Select  EtherType  0x6000. 

etype-8042 

(Optional)  Select  EtherType  0x8042. 

lat 

(Optional)  Select  EtherType  DEC-LAT. 

lavc-sca 

(Optional)  Select  EtherType  DEC-LAVC-SCA. 
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in  on-con  sol  p 

(Optional)  Select  EtherTvne  DEC-MOP  Remote  Console 

mop-dump 

(Optional)  Select  Ether  lype  DEC-MOP  Dump. 

msdos 

(Optional)  Select  EtherType  DEC-MSDOS. 

mumps 

(Optional)  Select  EtherType  DEC-MUMPS. 

netbios 

(Optional)  Select  EtherType  DEC-  Network  Basic  Input/Output  System 

(NETBIOS). 

vines-echo 

(Optional)  Select  EtherType  Virtual  Integrated  Network  Service  (VINES) 

Echo  from  Banyan  Systems. 

vines-ip 

(Optional)  Select  EtherType  VINES  IP. 

xns-idp 

(Optional)  Select  EtherType  Xerox  Network  Systems  (XNS)  protocol 

suite  (0  to  65535),  an  arbitrary  Ethertype  in  decimal,  hexadecimal,  or 

octal. 

Though  visible  in  the  command-line  help  strings,  appletalk  is  not  supported  as  a  matching  condition. 

To  filter  IPX  traffic,  you  use  the  type  mask  or  lsap  Isap  mask  keywords,  depending  on  the  type  of  IPX 
encapsulation  being  used.  Filter  criteria  for  IPX  encapsulation  types  as  specified  in  Novell  terminology 
and  Cisco  IOS  terminology  are  listed  in  Table  2-4. 


Table  2-4     IPX  Filtering  Criteria 


IPX  Encapsulation  Type 

Cisco  IOS  Name 

Novel  Name 

Filter  Criterion 

arpa 

Ethernet  II 

Ethertype  0x8137 

snap 

Ethernet-snap 

Ethertype  0x8137 

sap 

Ethernet  802.2 

LSAP  OxEOEO 

novell-ether 

Ethernet  802.3 

LSAP  OxFFFF 

Defaults  This  command  has  no  defaults.  However,  the  default  action  for  a  MAC-named  ACL  is  to  deny. 


Command  Modes        MAC-access  list  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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Usage  Guidelines       You  enter  MAC-access  list  configuration  mode  by  using  the  mac  access-list  extended  global 
configuration  command. 

If  you  use  the  host  keyword,  you  cannot  enter  an  address  mask;  if  you  do  not  use  the  host  keyword,  you 
must  enter  an  address  mask. 

When  an  access  control  entry  (ACE)  is  added  to  an  access  control  list,  an  implied  deny-any-any 
condition  exists  at  the  end  of  the  list.  That  is,  if  there  are  no  matches,  the  packets  are  denied.  However, 
before  the  first  ACE  is  added,  the  list  permits  all  packets. 

For  more  information  about  named  MAC  extended  access  lists,  see  the  software  configuration  guide  for 
this  release. 


Examples  This  example  shows  how  to  define  the  named  MAC  extended  access  list  to  deny  NETBIOS  traffic  from 

any  source  to  MAC  address  00c0.00a0.03fa.  Traffic  matching  this  list  is  denied. 

Switch ( conf ig-ext-macl ) #  deny  any  host  00c0.00a0.03fa  netbios. 

This  example  shows  how  to  remove  the  deny  condition  from  the  named  MAC  extended  access  list: 

Switch (conf ig-ext-macl ) #  no  deny  any  OOcO . OOaO . 03f a  0000.0000.0000  netbios. 

This  example  denies  all  packets  with  Ethertype  0x4321: 

Switch ( conf ig-ext-macl ) #  deny  any  any  0x4321  0 

You  can  verify  your  settings  by  entering  the  show  access-lists  privileged  EXEC  command. 


Related  Commands      Command  Description 


mac  access-list  extended 

Creates  an  access  list  based  on  MAC  addresses  for  non-IP  traffic. 

permit  (MAC  access-list 

Permits  non-IP  traffic  to  be  forwarded  if  conditions  are  matched. 

configuration) 

show  access-lists 

Displays  access  control  lists  configured  on  a  switch. 
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dotlx 

Use  the  dotlx  global  configuration  command  to  globally  enable  IEEE  802.  lx  authentication.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

dotlx  {critical  {eapol  I  recovery  delay  milliseconds]  I  system-auth-control} 

no  dotlx  {credentials  I  critical  {eapol  I  recovery  delay}  I  system-auth-control} 

X   

Note      Though  visible  in  the  command-line  help  strings,  the  credentials  name  keywords  are  not  supported. 


Syntax  Description 


critical  {eapol  I 
recovery  delay 

milliseconds] 


Configure  the  inaccessible  authentication  bypass  parameters.  For  more 
information,  see  the  dotlx  critical  (global  configuration)  command. 


system-auth-control       Enable  IEEE  802. lx  authentication  globally  on  the  switch. 


Defaults 


IEEE  802.  lx  authentication  is  disabled. 


Command  Modes 


Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 

12.2(25)SEE  The  critical  {eapol  I  recovery  delay  milliseconds]  keywords  were  added. 

The  guest-vlan  supplicant  keyword  was  removed. 


Usage  Guidelines        You  must  enable  authentication,  authorization,  and  accounting  (AAA)  and  specify  the  authentication 
method  list  before  globally  enabling  IEEE  802.  lx  authentication.  A  method  list  describes  the  sequence 
and  authentication  methods  to  be  used  to  authenticate  a  user. 

Before  globally  enabling  IEEE  802. lx  authentication  on  a  switch,  remove  the  EtherChannel 
configuration  from  the  interfaces  on  which  IEEE  802.  lx  authentication  and  EtherChannel  are 
configured. 

If  you  are  using  a  device  running  the  Cisco  Access  Control  Server  (ACS)  application  for  IEEE  802.  lx 
authentication  with  EAP-Transparent  LAN  Services  (TLS)  and  with  EAP-MD5,  make  sure  that  the 
device  is  running  ACS  Version  3.2.1  or  later. 


Examples  This  example  shows  how  to  globally  enable  IEEE  802.  lx  authentication  on  a  switch: 

Switch (config) #  dotlx  system-auth-control 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 
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Related  Commands      Command  Description 


dotlx  critical  (global 

Configures  the  parameters  for  the  inaccessible  authentication  bypass 

configuration) 

feature  on  the  switch. 

dotlx  guest-vlan 

Enables  and  specifies  an  active  VLAN  as  an  IEEE  802.  lx  guest  VLAN. 

dotlx  port-control 

Enables  manual  control  of  the  authorization  state  of  the  port. 

show  dotlx  [interface 

Displays  IEEE  802.  lx  status  for  the  specified  port. 

interface-id] 
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dotlx  auth-fail  max-attempts 

Use  the  dotlx  auth-fail  max-attempts  interface  configuration  command  to  configure  the  maximum 
allowable  authentication  attempts  before  a  port  is  moved  to  the  restricted  VLAN.  To  return  to  the  default 
setting,  use  the  no  form  of  this  command. 

dotlx  auth-fail  max-attempts  max-attempts 

no  dotlx  auth-fail  max-attempts 


Syntax  Description       max-attempts  Specify  a  maximum  number  of  authentication  attempts  allowed  before  a  port 

is  moved  to  the  restricted  VLAN.  The  range  is  1  to  3,  the  default  value  is  3. 


Defaults  The  default  value  is  3  attempts. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced. 


Usage  Guidelines        If  you  reconfigure  the  maximum  number  of  authentication  attempts  allowed  by  the  VLAN,  the  change 
takes  effect  after  the  re-authentication  timer  expires. 


Examples  This  example  shows  how  to  set  2  as  the  maximum  number  of  authentication  attempts  allowed  before  the 

port  is  moved  to  the  restricted  VLAN  on  port  3: 

Switch#  configure  terminal 

Enter  configuration  commands,   one  per  line.   End  with  CNTL/Z. 
Switch (config) #  interface  gigabitethernetO/3 
Switch (config-if) #  dotlx  auth-fail  max-attempts  2 

Switch (config-if) #  end 
Switch (config) #  end 
Switch* 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 
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doflx  auth-fail  max-attempts 


Related  Commands  Command 


dotlx  auth-fail  vlan  [vlan  id] 
dotlx  max-reauth-req  [count] 


Description 


Enables  the  optional  restricted  VLAN  feature. 

Sets  the  maximum  number  of  times  that  the  switch  restarts 
the  authentication  process  before  a  port  changes  to  the 
unauthorized  state. 


show  dotlx  [interface  interface-id]        Displays  IEEE  802. lx  status  for  the  specified  port. 
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dotlx  auth-fail  vlan 


Use  the  dotlx  auth-fail  vlan  interface  configuration  command  to  enable  the  restricted  VLAN  on  a  port. 
To  return  to  the  default  setting,  use  the  no  form  of  this  command. 

dotlx  auth-fail  vlan  vlan-id 

no  dotlx  auth-fail  vlan 


Syntax  Description 


vlan-id 


Specify  a  VLAN  in  the  range  of  1  to  4094. 


Defaults 


No  restricted  VLAN  is  configured. 


Command  Modes 


Interface  configuration 


Command  History 


Release  Modification 

12.2(25)SED  This  command  was  introduced. 


Usage  Guidelines 


You  can  configure  a  restricted  VLAN  on  ports  configured  as  follows: 

•  single-host  (default)  mode 

•  auto  mode  for  authorization 

You  should  enable  re-authentication.  The  ports  in  restricted  VLANs  do  not  receive  re-authentication 
requests  if  it  is  disabled.  To  start  the  re-authentication  process,  the  restricted  VLAN  must  receive  a 
link-down  event  or  an  Extensible  Authentication  Protocol  (EAP)  logoff  event  from  the  port.  If  a  host  is 
connected  through  a  hub,  the  port  might  never  receive  a  link-down  event  when  that  host  is  disconnected, 
and,  as  a  result,  might  not  detect  any  new  hosts  until  the  next  re-authentication  attempt  occurs. 

If  the  supplicant  fails  authentication,  the  port  is  moved  to  a  restricted  VLAN,  and  an  EAP  success 
message  is  sent  to  the  supplicant.  Because  the  supplicant  is  not  notified  of  the  actual  authentication 
failure,  there  might  be  confusion  about  this  restricted  network  access.  An  EAP  success  message  is  sent 
for  these  reasons: 

•  If  the  EAP  success  message  is  not  sent,  the  supplicant  tries  to  authenticate  every  60  seconds  (the 
default)  by  sending  an  EAP-start  message. 

•  Some  hosts  (for  example,  devices  running  Windows  XP)  cannot  implement  DHCP  until  they  receive 
an  EAP  success  message. 

A  supplicant  might  cache  an  incorrect  username  and  password  combination  after  receiving  an  EAP 
success  message  from  the  authenticator  and  re-use  that  information  in  every  re-authentication.  Until  the 
supplicant  sends  the  correct  username  and  password  combination,  the  port  remains  in  the  restricted 
VLAN. 

Internal  VLANs  used  for  Layer  3  ports  cannot  be  configured  as  restricted  VLANs. 

You  cannot  configure  a  VLAN  to  be  both  a  restricted  VLAN  and  a  voice  VLAN.  If  you  do  this,  a  syslog 
message  is  generated. 
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When  a  restricted  VLAN  port  is  moved  to  an  unauthorized  state,  the  authentication  process  restarts.  If 
the  supplicant  fails  the  authentication  process  again,  the  authenticator  waits  in  the  held  state.  After  the 
supplicant  has  correctly  re-authenticated,  all  IEEE  802.  lx  ports  are  reinitialized  and  treated  as  normal 
IEEE  802.  lx  ports. 

When  you  reconfigure  a  restricted  VLAN  as  a  different  VLAN,  any  ports  in  the  restricted  VLAN  are  also 
moved,  and  the  ports  stay  in  their  currently  authorized  state. 

When  you  shut  down  or  remove  a  restricted  VLAN  from  the  VLAN  database,  any  ports  in  the  restricted 
VLAN  are  immediately  moved  to  an  unauthorized  state,  and  the  authentication  process  restarts.  The 
authenticator  does  not  wait  in  a  held  state  because  the  restricted  VLAN  configuration  still  exists.  While 
the  restricted  VLAN  is  inactive,  all  authentication  attempts  are  counted  so  that  when  the  restricted 
VLAN  becomes  active,  the  port  is  immediately  placed  in  the  restricted  VLAN. 

The  restricted  VLAN  is  supported  only  in  single  host  mode  (the  default  port  mode).  For  this  reason, 
when  a  port  is  placed  in  a  restricted  VLAN,  the  supplicant's  MAC  address  is  added  to  the  MAC  address 
table,  and  any  other  MAC  address  that  appears  on  the  port  is  treated  as  a  security  violation. 


Examples  This  example  shows  how  to  configure  a  restricted  VLAN  on  port  1: 

Switch#  configure  terminal 

Enter  configuration  commands,   one  per  line.   End  with  CNTL/Z. 
Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  dotlx  auth-fail  vlan  40 

Switch (config-if) #  end 
Switch* 

You  can  verify  your  configuration  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 

dotlx  auth-fail  max-attempts  Configures  the  number  of  authentication  attempts  allowed 

[max-attempts]  before  assigning  a  supplicant  to  the  restricted  VLAN. 

show  dotlx  [interface  interface-id]  Displays  IEEE  802.  lx  status  for  the  specified  port. 
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dotlx  control-direction 

Use  the  dotlx  control-direction  interface  configuration  command  to  enable  the  IEEE  802.  lx 
authentication  with  the  wake-on-LAN  (WoL)  feature  and  to  configure  the  port  control  as  unidirectional 
or  bidirectional.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  control-direction  {both  I  in} 

no  dotlx  control-direction 


Syntax  Description      both  Enable  bidirectional  control  on  port.  The  port  cannot  receive 

packets  from  or  send  packets  to  the  host. 

in  Enable  unidirectional  control  on  port.  The  port  can  send  packets  to 

the  host  but  cannot  receive  packets  from  the  host. 


Defaults  The  port  is  in  bidirectional  mode. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced 


Usage  Guidelines       Use  the  both  keyword  or  the  no  form  of  this  command  to  return  to  the  default  setting,  bidirectional 
mode. 

For  more  information  about  WoL,  see  the  "Using  IEEE  802.  lx  Authentication  with  Wake-on-LAN" 
section  in  the  "Configuring  IEEE  802.  lx  Port-Based  Authentication"  chapter  in  the  software 
configuration  guide. 


Examples  This  example  shows  how  to  enable  unidirectional  control: 

Switch (config-if) #  dotlx  control-direction  in 

This  example  shows  how  to  enable  bidirectional  control: 

Switch (config-if ) #  dotlx  control-direction  both 

You  can  verify  your  settings  by  entering  the  show  dotlx  all  privileged  EXEC  command. 

The  show  dotlx  all  privileged  EXEC  command  output  is  the  same  for  all  switches  except  for  the  port 
names  and  the  state  of  the  port.  If  a  host  is  attached  to  the  port  but  is  not  yet  authenticated,  a  display 
similar  to  this  appears: 

Supplicant  MAC  0002 . b3 9a . 9275 
AuthSM  State  =  CONNECTING 
BendSM  State  =  IDLE 
PortStatus  =  UNAUTHORIZED 
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If  you  enter  the  dotlx  control-direction  in  interface  configuration  command  to  enable  unidirectional 
control,  this  appears  in  the  show  dotlx  all  command  output: 

ControlDirection     =  In 

If  you  enter  the  dotlx  control-direction  in  interface  configuration  command  and  the  port  cannot  support 
this  mode  due  to  a  configuration  conflict,  this  appears  in  the  show  dotlx  all  command  output: 

ControlDirection     =  In   (Disabled  due  to  port  settings) 


Related  Commands 


Command 


Description 


show  dotlx  [all  I  interface 

interface-id] 


Displays  control-direction  port  setting  status  for  the  specified 
interface. 
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Use  the  dotlx  critical  global  configuration  command  on  a  standalone  switch  to  configure  the  parameters 
for  the  inaccessible  authentication  bypass  feature,  also  referred  to  as  critical  authentication  or  the 
authentication,  authorization,  and  accounting  (AAA)  fail  policy.  To  return  to  default  settings,  use  the  no 
form  of  this  command. 

dotlx  critical  {eapol  I  recovery  delay  milliseconds} 

no  dotlx  critical  { eapol  I  recovery  delay } 


Syntax  Description  eapol 


Specify  that  the  switch  sends  an  EAPOL-Success  message  when  the 
switch  puts  the  critical  port  in  the  critical-authentication  state. 


recovery  delay  milliseconds 


Set  the  recovery  delay  period  in  milliseconds.  The  range  is  from  1 
to  10000  milliseconds. 


Defaults 


The  switch  does  not  send  an  EAPOL-Success  message  to  the  host  when  the  switch  successfully 
authenticates  the  critical  port  by  putting  the  critical  port  in  the  critical-authentication  state. 

The  recovery  delay  period  is  1000  milliseconds  (1  second). 


Command  Modes 


Global  configuration 


Command  History 


Release  Modification 

12.2(25)SEE  This  command  was  introduced. 


Usage  Guidelines 


Use  the  eapol  keyword  to  specify  that  the  switch  sends  an  EAPOL-Success  message  when  the  switch 
puts  the  critical  port  in  the  critical-authentication  state. 

Use  the  recovery  delay  milliseconds  keyword  to  set  the  recovery  delay  period  during  which  the  switch 
waits  to  re-initialize  a  critical  port  when  a  RADIUS  server  that  was  unavailable  becomes  available.  The 
default  recovery  delay  period  is  1000  milliseconds.  A  port  can  be  re-initialized  every  second. 

To  enable  inaccessible  authentication  bypass  on  a  port,  use  the  dotlx  critical  interface  configuration 
command.  To  configure  the  access  VLAN  to  which  the  switch  assigns  a  critical  port,  use  the  dotlx 
critical  vlan  vlan-id  interface  configuration  command. 


Examples 


This  example  shows  how  to  set  200  as  the  recovery  delay  period  on  the  switch: 

Switch#  dotlx  critical  recovery  delay  200 

You  can  verify  your  configuration  by  entering  the  show  dotlx  privileged  EXEC  command. 


2-80 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Chapter  2    CGESM  Switch  Cisco  IPS  Commands 


dotlx  critical  (global  configuration)  M 


Related  Commands      Command  Description 

dotlx  critical  (interface  Enables  the  inaccessible  authentication  bypass  feature,  and 

configuration)  configures  the  access  VLAN  for  the  feature. 

show  dotlx  Displays  IEEE  802. lx  status  for  the  specified  port. 
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dotlx  critical  (interface  configuration) 


Use  the  dotlx  critical  interface  configuration  command  on  a  standalone  switch  to  enable  the 
inaccessible-authentication-bypass  feature,  also  referred  to  as  critical  authentication  or  the 
authentication,  authorization,  and  accounting  (AAA)  fail  policy.  You  can  also  configure  the  access 
VLAN  to  which  the  switch  assigns  the  critical  port  when  the  port  is  in  the  critical-authentication  state. 
To  disable  the  feature  or  return  to  default,  use  the  no  form  of  this  command. 

dotlx  critical  [recovery  action  reinitialize  I  vlan  vlan-id] 

no  dotlx  critical  [recovery  I  vlan] 


Syntax  Description      recovery  action  reinitialize 


Enable  the  inaccessible-authentication-bypass  recovery  feature,  and 
specify  that  the  recovery  action  is  to  authenticate  the  port  when  an 
authentication  server  is  available. 


vlan  vlan-id 


Specify  the  access  VLAN  to  which  the  switch  can  assign  a  critical 
port.  The  range  is  from  1  to  4094. 


Defaults 


The  inaccessible-authentication-bypass  feature  is  disabled. 
The  recovery  action  is  not  configured. 
The  access  VLAN  is  not  configured. 


Command  Modes 


Interface  configuration 


Command  History  Release 


12.2(25)SEE 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


To  specify  the  access  VLAN  to  which  the  switch  assigns  a  critical  port  when  the  port  is  in  the 
critical-authentication  state,  use  the  vlan  vlan-id  keywords.  The  specified  type  of  VLAN  must  match  the 
type  of  port,  as  follows: 

•  If  the  critical  port  is  an  access  port,  the  VLAN  must  be  an  access  VLAN. 

•  If  the  critical  port  is  a  private  VLAN  host  port,  the  VLAN  must  be  a  secondary  private  VLAN. 

•  If  the  critical  port  is  a  routed  port,  you  can  specify  a  VLAN,  but  this  is  optional. 

If  the  client  is  running  Windows  XP  and  the  critical  port  to  which  the  client  is  connected  is  in  the 
critical-authentication  state,  Windows  XP  might  report  that  the  interface  is  not  authenticated. 

If  the  Windows  XP  client  is  configured  for  DHCP  and  has  an  IP  address  from  the  DHCP  server,  receiving 
an  EAP-Success  message  on  a  critical  port  might  not  re-initiate  the  DHCP  configuration  process. 
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You  can  configure  the  inaccessible  authentication  bypass  feature  and  the  restricted  VLAN  on  an 
IEEE  802.  lx  port.  If  the  switch  tries  to  re-authenticate  a  critical  port  in  a  restricted  VLAN  and  all  the 
RADIUS  servers  are  unavailable,  the  switch  changes  the  port  state  to  the  critical  authentication  state, 
and  it  remains  in  the  restricted  VLAN. 

You  can  configure  the  inaccessible  bypass  feature  and  port  security  on  the  same  switch  port. 


Examples  This  example  shows  how  to  enable  the  inaccessible  authentication  bypass  feature  on  port  1: 

Switch#  configure  terminal 

Enter  configuration  commands,   one  per  line.   End  with  CNTL/Z. 
Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  dotlx  critical 

Switch (config-if) #  end 
Switch (config) #  end 
Switch* 

You  can  verify  your  configuration  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 

dotlx  critical  (global  configuration)     Configures  the  parameters  for  the  inaccessible  authentication 

bypass  feature  on  the  switch. 

show  dotlx  [interface  interface-id]        Displays  IEEE  802.  lx  status  for  the  specified  port. 
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dotlx  default 


Use  the  dotlx  default  interface  configuration  command  to  reset  the  IEEE  802.  lx  parameters  to  their 
default  values. 

dotlx  default 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


These  are  the  default  values: 

•  The  per-port  IEEE  802. lx  protocol  enable  state  is  disabled  (force-authorized). 

•  The  number  of  seconds  between  re-authentication  attempts  is  3600  seconds. 

•  The  periodic  re-authentication  is  disabled. 

•  The  quiet  period  is  60  seconds. 

•  The  retransmission  time  is  30  seconds. 

•  The  maximum  retransmission  number  is  2  times. 

•  The  host  mode  is  single  host. 

•  The  client  timeout  period  is  30  seconds. 

•  The  authentication  server  timeout  period  is  30  seconds. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Examples 


This  example  shows  how  to  reset  the  IEEE  802.  lx  parameters  on  a  port: 

Switch (config-if) #  dotlx  default 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands  Command 


Description 


show  dotlx  [interface  interface-id]      Displays  IEEE  802. lx  status  for  the  specified  port. 
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dotlx  fallback 

Use  the  dotlxfallback  interface  configuration  command  on  the  switch  stack  or  on  a  standalone  switch 
to  configure  a  port  to  use  web  authentication  as  a  fallback  method  for  clients  that  do  not  support 
IEEE  802.  lx  authentication.  To  return  to  the  default  setting,  use  the  no  form  of  this  command. 

dotlx  fallback  profile 

no  dotlx  fallback 


Syntax  Description      profile  Specify  a  fallback  profile  for  clients  that  do  not  support  IEEE  802.  lx 

authentication. 


Defaults  No  fallback  is  enabled. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(35)SE  This  command  was  introduced. 


Usage  Guidelines       You  must  enter  the  dotlx  port-control  auto  interface  configuration  command  on  a  switch  port  before 
entering  this  command. 


Examples  This  example  shows  how  to  specify  a  fallback  profile  to  a  switch  port  that  has  been  configured  for 

IEEE  802.  lx  authentication: 

Switch#  configure  terminal 

Enter  configuration  commands,   one  per  line.   End  with  CNTL/Z. 
Switch ( config) #  interface  gigabitethernetl/0/3 
Switch (config-if) #  dotlx  fallback  profilel 

Switch (conf ig-fallback-prof ile) #  exit 
Switch (config) #  end 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 


show  dotlx  [interface  interface-id] 

Displays  IEEE  802.  lx  status  for  the  specified  port. 

fallback  profile 

Create  a  web  authentication  fallback  profile. 

ip  admission 

Enable  web  authentication  on  a  port 

ip  admission  name  proxy  http 

Enable  web  authentication  globally  on  a  switch 
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dotlx  guest-vlan 

Use  the  dotlx  guest-vlan  interface  configuration  command  to  specify  an  active  VLAN  as  an 
IEEE  802.  lx  guest  VLAN.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  guest-vlan  vlan-id 

no  dotlx  guest-vlan 


Syntax  Description       vlan-id  Specify  an  active  VLAN  as  an  IEEE  802. lx  guest  VLAN.  The  range  is  1 

to  4094. 


Defaults  No  guest  VLAN  is  configured. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  usage  guidelines  were  modified. 

Usage  Guidelines       You  can  configure  a  guest  VLAN  on  one  of  these  switch  ports: 

•  A  static-access  port  that  belongs  to  a  nonprivate  VLAN. 

•  A  private- VLAN  port  that  belongs  to  a  secondary  private  VLAN.  All  the  hosts  connected  to  the 
switch  port  are  assigned  to  private  VLANs,  whether  or  not  the  posture  validation  was  successful. 
The  switch  determines  the  primary  private  VLAN  by  using  the  primary-  and 
secondary-private-VLAN  associations  on  the  switch. 

For  each  IEEE  802.  lx  port  on  the  switch,  you  can  configure  a  guest  VLAN  to  provide  limited  services 
to  clients  (a  device  or  workstation  connected  to  the  switch)  not  running  IEEE  802. lx  authentication. 
These  users  might  be  upgrading  their  systems  for  IEEE  802.  lx  authentication,  and  some  hosts,  such  as 
Windows  98  systems,  might  not  be  IEEE  802.1x-capable. 

When  you  enable  a  guest  VLAN  on  an  IEEE  802. lx  port,  the  switch  assigns  clients  to  a  guest  VLAN 
when  it  does  not  receive  a  response  to  its  Extensible  Authentication  Protocol  over  LAN  (EAPOL) 
request/identity  frame  or  when  EAPOL  packets  are  not  sent  by  the  client. 

The  switch  maintains  the  EAPOL  packet  history.  If  another  EAPOL  packet  is  detected  on  the  interface 
during  the  lifetime  of  the  link,  the  guest  VLAN  feature  is  disabled.  If  the  port  is  already  in  the  guest 
VLAN  state,  the  port  returns  to  the  unauthorized  state,  and  authentication  restarts.  The  EAPOL  history 
is  reset  upon  loss  of  link. 

In  releases  earlier  than  Cisco  IOS  Release  12.2(25)SEE,  you  can  use  the  dotlx  guest-vlan  supplicant 
global  configuration  command  to  enable  the  switch  to  not  maintain  the  EAPOL  packet  history  and  to 
allow  clients  that  failed  authentication  access  to  the  guest  VLAN,  regardless  of  whether  EAPOL  packets 
had  been  detected  on  the  interface. 
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However,  in  Cisco  IOS  Release  12.2(25)SEE,  the  dotlx  guest-vlan  supplicant  global  configuration 
command  is  no  longer  supported.  You  can  use  a  restricted  VLAN  to  allow  clients  that  failed 
authentication  access  to  the  network  by  entering  the  dotlx  auth-fail  vlan  vlan-id  interface  configuration 
command. 

Any  number  of  non-IEEE  802.1x-capable  clients  are  allowed  access  when  the  switch  port  is  moved  to 
the  guest  VLAN.  If  an  IEEE  802.1x-capable  client  joins  the  same  port  on  which  the  guest  VLAN  is 
configured,  the  port  is  put  into  the  unauthorized  state  in  the  RADIUS-configured  or  user-configured 
access  VLAN,  and  authentication  is  restarted. 

Guest  VLANs  are  supported  on  IEEE  802.  lx  ports  in  single-host  or  multiple-hosts  mode. 

You  can  configure  any  active  VLAN  except  an  Remote  Switched  Port  Analyzer  (RSPAN)  VLAN  or  a 
voice  VLAN  as  an  IEEE  802. lx  guest  VLAN.  The  guest  VLAN  feature  is  not  supported  on  trunk  ports; 
it  is  supported  only  on  access  ports. 

After  you  configure  a  guest  VLAN  for  an  IEEE  802. lx  port  to  which  a  DHCP  client  is  connected,  you 
might  need  to  get  a  host  IP  address  from  a  DHCP  server.  You  can  change  the  settings  for  restarting  the 
IEEE  802. lx  authentication  process  on  the  switch  before  the  DHCP  process  on  the  client  times  out  and 
tries  to  get  a  host  IP  address  from  the  DHCP  server.  Decrease  the  settings  for  the  IEEE  802.  lx 
authentication  process  (dotlx  timeout  quiet-period  and  dotlx  timeout  tx-period  interface 
configuration  commands).  The  amount  to  decrease  the  settings  depends  on  the  connected  IEEE  802.  lx 
client  type. 

The  switch  supports  MAC  authentication  bypass  in  Cisco  IOS  Release  12.2(25)SEE  and  later.  When  it 
is  enabled  on  an  IEEE  802. lx  port,  the  switch  can  authorize  clients  based  on  the  client  MAC  address 
when  IEEE  802.  lx  authentication  times  out  while  waiting  for  an  EAPOL  message  exchange.  After 
detecting  a  client  on  an  IEEE  802.  lx  port,  the  switch  waits  for  an  Ethernet  packet  from  the  client.  The 
switch  sends  the  authentication  server  a  RADIUS-access/request  frame  with  a  username  and  password 
based  on  the  MAC  address.  If  authorization  succeeds,  the  switch  grants  the  client  access  to  the  network. 
If  authorization  fails,  the  switch  assigns  the  port  to  the  guest  VLAN  if  one  is  specified.  For  more 
information,  see  the  "Using  IEEE  802. lx  Authentication  with  MAC  Authentication  Bypass"  section  in 
the  "Configuring  IEEE  802.  lx  Port-Based  Authentication"  chapter  of  the  software  configuration  guide. 


Examples  This  example  shows  how  to  specify  VLAN  5  as  an  IEEE  802. lx  guest  VLAN: 

Switch (config-if) #  dotlx  guest-vlan  5 

This  example  shows  how  to  set  3  as  the  quiet  time  on  the  switch,  to  set  15  as  the  number  of  seconds  that 
the  switch  waits  for  a  response  to  an  EAP-request/identity  frame  from  the  client  before  resending  the 
request,  and  to  enable  VLAN  2  as  an  IEEE  802.  lx  guest  VLAN  when  an  IEEE  802.  lx  port  is  connected 
to  a  DHCP  client: 

Switch (config-if ) #  dotlx  timeout  quiet-period  3 
Switch(conf ig-if ) #  dotlx  timeout  tx-period  15 
Switch (config-if ) #  dotlx  guest-vlan  2 

This  example  shows  how  to  enable  the  optional  guest  VLAN  behavior  and  to  specify  VLAN  5  as  an 
IEEE  802.  lx  guest  VLAN: 

Switch (config) #  dotlx  guest-vlan  supplicant 
Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if ) #  dotlx  guest-vlan  5 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 
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Related  Commands 


Command 

Description 

dotlx 

Enables  the  optional 

guest  VLAN  supplicant  feature. 

show  dotlx  [interface  interface-id] 

Displays  IEEE  802.1 

x  status  for  the  specified  port. 
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dotlx  host-mode 

Use  the  dotlx  host-mode  interface  configuration  command  to  allow  a  single  host  (client)  or  multiple 
hosts  on  an  IEEE  802.1x-authorized  port  that  has  the  dotlx  port-control  interface  configuration 
command  set  to  auto.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  host-mode  {multi-host  I  single-host} 

no  dotlx  host-mode  [multi-host  I  single-host] 


Syntax  Description      multi-host  Enable  multiple-hosts  mode  on  the  switch. 

single-host  Enable  single-host  mode  on  the  switch. 


Defaults  The  default  is  single-host  mode. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Use  this  command  to  limit  an  IEEE  802.1x-enabled  port  to  a  single  client  or  to  attach  multiple  clients  to 
an  IEEE  802.1x-enabled  port.  In  multiple-hosts  mode,  only  one  of  the  attached  hosts  needs  to  be 
successfully  authorized  for  all  hosts  to  be  granted  network  access.  If  the  port  becomes  unauthorized 
(re-authentication  fails  or  an  Extensible  Authentication  Protocol  over  LAN  [EAPOL] -logoff  message  is 
received),  all  attached  clients  are  denied  access  to  the  network. 

Before  entering  this  command,  make  sure  that  the  dotlx  port-control  interface  configuration  command 
is  set  to  auto  for  the  specified  port. 


Examples  This  example  shows  how  to  enable  IEEE  802. lx  authentication  globally,  to  enable  IEEE  802. lx 

authentication  on  a  port,  and  to  enable  multiple-hosts  mode: 

Switch (config) #  dotlx  system-auth-control 
Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  dotlx  port-control  auto 
Switch (config-if) #  dotlx  host-mode  multi-host 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  dotlx  [interface  interface-id]        Displays  IEEE  802.  lx  status  for  the  specified  port. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


2-89 


H dotlx  initialize 


Chapter  2     CGESM  Switch  Cisco  IPS  Commands  | 
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Use  the  dotlx  initialize  privileged  EXEC  command  to  manually  return  the  specified 

IEEE  802.1x-enabled  port  to  an  unauthorized  state  before  initiating  a  new  authentication  session  on  the 

port. 

dotlx  initialize  [interface  interface-id] 


Syntax  Description      interface  interface-id         (Optional)  Port  to  be  initialized. 


Defaults 


There  is  no  default  setting. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  this  command  to  initialize  the  IEEE  802.  lx  state  machines  and  to  set  up  a  fresh  environment  for 
authentication.  After  you  enter  this  command,  the  port  status  becomes  unauthorized. 

There  is  not  a  no  form  of  this  command. 


Examples 


This  example  shows  how  to  manually  initialize  a  port: 

Switch)!  dotlx  initialize  interface  gigabitethernetO/2 

You  can  verify  the  unauthorized  port  status  by  entering  the  show  dotlx  [interface  interface-id] 
privileged  EXEC  command. 


Related  Commands 


Command 

show  dotlx  [interface  interface-id] 


Description 

Displays  IEEE  802. lx  status  for  the  specified  port. 
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doflx  mac-auth-bypass 


Use  the  dotlx  mac-auth-bypass  interface  configuration  command  to  enable  the  MAC  authentication 
bypass  feature.  Use  the  no  form  of  this  command  to  disable  MAC  authentication  bypass  feature. 

dotlx  mac-auth-bypass  [eap] 

no  dotlx  mac-auth-bypass 


Syntax  Description  eap 


(Optional)  Configure  the  switch  to  use  Extensible  Authentication  Protocol 
(EAP)  for  authentication. 


Defaults 


MAC  authentication  bypass  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SEE 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Unless  otherwise  stated,  the  MAC  authentication  bypass  usage  guidelines  are  the  same  as  the 
IEEE  802.  lx  authentication  guidelines. 

If  you  disable  MAC  authentication  bypass  from  a  port  after  the  port  has  been  authenticated  with  its  MAC 
address,  the  port  state  is  not  affected. 

If  the  port  is  in  the  unauthorized  state  and  the  client  MAC  address  is  not  the  authentication-server 
database,  the  port  remains  in  the  unauthorized  state.  However,  if  the  client  MAC  address  is  added  to  the 
database,  the  switch  can  use  MAC  authentication  bypass  to  re-authorize  the  port. 

If  the  port  is  in  the  authorized  state,  the  port  remains  in  this  state  until  re-authorization  occurs. 

If  an  EAPOL  packet  is  detected  on  the  interface  during  the  lifetime  of  the  link,  the  switch  determines 
that  the  device  connected  to  that  interface  is  an  IEEE  802.1x-capable  supplicant  and  uses  IEEE  802.  lx 
authentication  (not  MAC  authentication  bypass)  to  authorize  the  interface. 

Clients  that  were  authorized  with  MAC  authentication  bypass  can  be  re-authenticated. 

For  more  information  about  how  MAC  authentication  bypass  and  IEEE  802. lx  authentication  interact, 
see  the  "Understanding  IEEE  802. lx  Authentication  with  MAC  Authentication  Bypass"  section  and  the 
"IEEE  802. lx  Authentication  Configuration  Guidelines"  section  in  the  "Configuring  IEEE  802. lx 
Port-Based  Authentication"  chapter  of  the  software  configuration  guide. 
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Examples  This  example  shows  how  to  enable  MAC  authentication  bypass  and  to  configure  the  switch  to  use  EAP 

for  authentication: 

Switch (config-if) #  dotlx  mac-auth-bypass  eap 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  dotlx  [interface  Displays  IEEE  802.  lx  status  for  the  specified  port. 

interface-id] 
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dotlx  max-reauth-req 

Use  the  dotlx  max-reauth-req  interface  configuration  command  to  set  the  maximum  number  of  times 
that  the  switch  restarts  the  authentication  process  before  a  port  changes  to  the  unauthorized  state.  Use 
the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  max-reauth-req  count 

no  dotlx  max-reauth-req 


Syntax  Description       count  Number  of  times  that  the  switch  restarts  the  authentication  process  before  the 

port  changes  to  the  unauthorized  state.  The  range  is  0  to  10. 


Defaults  The  default  is  2  times. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  count  range  was  changed. 

Usage  Guidelines        You  should  change  the  default  value  of  this  command  only  to  adjust  for  unusual  circumstances  such  as 
unreliable  links  or  specific  behavioral  problems  with  certain  clients  and  authentication  servers. 


Examples  This  example  shows  how  to  set  4  as  the  number  of  times  that  the  switch  restarts  the  authentication 

process  before  the  port  changes  to  the  unauthorized  state: 

Switch (config-if) #  dotlx  max-reauth-req  4 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands      Command  Description 

dotlx  max-req  Sets  the  maximum  number  of  times  that  the  switch  forwards  an  EAP 

frame  (assuming  that  no  response  is  received)  to  the  authentication  server 
before  restarting  the  authentication  process. 

dotlx  timeout  tx-period        Sets  the  number  of  seconds  that  the  switch  waits  for  a  response  to  an 

EAP-request/identity  frame  from  the  client  before  resending  the 
request. 

show  dotlx  [interface  Displays  IEEE  802.  lx  status  for  the  specified  port. 

interface-id] 
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dotlx  max-req 


Use  the  dotlx  max-req  interface  configuration  command  to  set  the  maximum  number  of  times  that  the 
switch  sends  an  Extensible  Authentication  Protocol  (EAP)  frame  from  the  authentication  server 
(assuming  that  no  response  is  received)  to  the  client  before  restarting  the  authentication  process.  Use  the 
no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  max-req  count 

no  dotlx  max-req 


Syntax  Description 


count  Number  of  times  that  the  switch  resends  an  EAP  frame  from  the  authentication 

server  before  restarting  the  authentication  process.  The  range  is  1  to  10. 


Defaults 


The  default  is  2  times. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  change  the  default  value  of  this  command  only  to  adjust  for  unusual  circumstances  such  as 
unreliable  links  or  specific  behavioral  problems  with  certain  clients  and  authentication  servers. 


Examples 


This  example  shows  how  to  set  5  as  the  number  of  times  that  the  switch  sends  an  EAP  frame  from  the 
authentication  server  to  the  client  before  restarting  the  authentication  process: 

Switch(conf ig-if ) #  dotlx  max-req  5 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands  Command 

dotlx  timeout  tx-period 


show  dotlx  [interface 

interface-id] 


Description 

Sets  the  number  of  seconds  that  the  switch  waits  for  a  response  to  an 
EAP-request/identity  frame  from  the  client  before  resending  the 
request. 

Displays  IEEE  802.  lx  status  for  the  specified  port. 
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dotlx  pae 

Use  the  dotlx  pae  interface  configuration  command  to  configure  the  port  as  an  IEEE  802. lx  port  access 
entity  (PAE)  authenticator.  Use  the  no  form  of  this  command  to  disable  IEEE  802.  lx  authentication  on 
the  port. 

dotlx  pae  authenticator 

no  dotlx  pae 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  The  port  is  not  an  IEEE  802.  lx  PAE  authenticator,  and  IEEE  802.  lx  authentication  is  disabled  on  the 

port. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SEE  This  command  was  introduced. 


Usage  Guidelines       Use  the  no  dotlx  pae  interface  configuration  command  to  disable  IEEE  802. lx  authentication  on  the 
port. 

When  you  configure  IEEE  802. lx  authentication  on  a  port,  such  as  by  entering  the  dotlx  port-control 
interface  configuration  command,  the  switch  automatically  configures  the  port  as  an  EEE  802. lx 
authenticator.  After  the  no  dotlx  pae  interface  configuration  command  is  entered,  the  Authenticator 
PAE  operation  is  disabled. 


Examples  This  example  shows  how  to  disable  IEEE  802.  lx  authentication  on  the  port: 

Switch ( config-if ) #  no  dotlx  pae 

You  can  verify  your  settings  by  entering  the  show  dotlx  or  show  eap  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  dotlx 

Displays  IEEE  802. lx  statistics,  administrative  status,  and 

operational  status  for  the  switch  or  for  the  specified  port. 

show  eap 

Displays  EAP  registration  and  session  information  for  the 

switch  or  for  the  specified  port. 
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dotlx  port-control 


Use  the  dotlx  port-control  interface  configuration  command  to  enable  manual  control  of  the 
authorization  state  of  the  port.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  port-control  {auto  I  force-authorized  I  force-unauthorized} 

no  dotlx  port-control 


Syntax  Description  auto 


Enable  IEEE  802.  lx  authentication  on  the  port  and  cause  the  port  to  change  to 
the  authorized  or  unauthorized  state  based  on  the  IEEE  802. lx  authentication 
exchange  between  the  switch  and  the  client. 


force-authorized 


Disable  IEEE  802.  lx  authentication  on  the  port  and  cause  the  port  to  transition 
to  the  authorized  state  without  an  authentication  exchange.  The  port  sends  and 
receives  normal  traffic  without  IEEE  802.1x-based  authentication  of  the  client. 

force-unauthorized    Deny  all  access  through  this  port  by  forcing  the  port  to  change  to  the 

unauthorized  state,  ignoring  all  attempts  by  the  client  to  authenticate.  The 
switch  cannot  provide  authentication  services  to  the  client  through  the  port. 


Defaults 


The  default  is  force-authorized. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


You  must  globally  enable  IEEE  802.  lx  authentication  on  the  switch  by  using  the  dotlx 
system-auth-control  global  configuration  command  before  enabling  IEEE  802.  lx  authentication  on  a 
specific  port. 

The  IEEE  802. lx  standard  is  supported  on  Layer  2  static-access  ports  and  voice  VLAN  ports. 
You  can  use  the  auto  keyword  only  if  the  port  is  not  configured  as  one  of  these: 

•  Trunk  port — If  you  try  to  enable  IEEE  802.  lx  authentication  on  a  trunk  port,  an  error  message 
appears,  and  IEEE  802.  lx  is  not  enabled.  If  you  try  to  change  the  mode  of  an  IEEE  802.1x-enabled 
port  to  trunk,  an  error  message  appears,  and  the  port  mode  is  not  changed. 

•  Dynamic  ports — A  port  in  dynamic  mode  can  negotiate  with  its  neighbor  to  become  a  trunk  port.  If 
you  try  to  enable  IEEE  802. lx  authentication  on  a  dynamic  port,  an  error  message  appears,  and 
IEEE  802.  lx  authentication  is  not  enabled.  If  you  try  to  change  the  mode  of  an  IEEE  802.1x-enabled 
port  to  dynamic,  an  error  message  appears,  and  the  port  mode  is  not  changed. 

•  Dynamic-access  ports — If  you  try  to  enable  IEEE  802.  lx  authentication  on  a  dynamic-access 
(VLAN  Query  Protocol  [VQP])  port,  an  error  message  appears,  and  IEEE  802.  lx  authentication  is 
not  enabled.  If  you  try  to  change  an  IEEE  802.1x-enabled  port  to  dynamic  VLAN  assignment,  an 
error  message  appears,  and  the  VLAN  configuration  is  not  changed. 
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•  EtherChannel  port — Do  not  configure  a  port  that  is  an  active  or  a  not-yet-active  member  of  an 
EtherChannel  as  an  IEEE  802.  lx  port.  If  you  try  to  enable  IEEE  802. lx  authentication  on  an 
EtherChannel  port,  an  error  message  appears,  and  IEEE  802. lx  authentication  is  not  enabled. 

•  Switched  Port  Analyzer  (SPAN)  and  Remote  SPAN  (RSPAN)  destination  ports — You  can  enable 
IEEE  802.  lx  authentication  on  a  port  that  is  a  SPAN  or  RSPAN  destination  port.  However, 
IEEE  802.  lx  authentication  is  disabled  until  the  port  is  removed  as  a  SPAN  or  RSPAN  destination. 
You  can  enable  IEEE  802. lx  authentication  on  a  SPAN  or  RSPAN  source  port. 

To  globally  disable  IEEE  802. lx  authentication  on  the  switch,  use  the  no  dotlx  system-auth-control 
global  configuration  command.  To  disable  IEEE  802. lx  authentication  on  a  specific  port  or  to  return  to 
the  default  setting,  use  the  no  dotlx  port-control  interface  configuration  command. 


Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  dotlx  port-control  auto 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Examples 


This  example  shows  how  to  enable  IEEE  802. lx  authentication  on  a  port: 


Related  Commands 


Command 


Description 


show  dotlx  [interface  interface-id] 


Displays  IEEE  802. lx  status  for  the  specified  port. 
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dotlx  re-authenticate 


Use  the  dotlx  re-authenticate  privileged  EXEC  command  to  manually  initiate  a  re-authentication  of 
the  specified  IEEE  802.1x-enabled  port. 

dotlx  re-authenticate  [interface  interface-id] 


Syntax  Description       interface  interface-id       (Optional)  Module  and  port  number  of  the  interface  to  re-authenticate. 


Defaults  There  is  no  default  setting. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  use  this  command  to  re-authenticate  a  client  without  waiting  for  the  configured  number  of 
seconds  between  re-authentication  attempts  (re-authperiod)  and  automatic  re-authentication. 


Examples  This  example  shows  how  to  manually  re-authenticate  the  device  connected  to  a  port: 

Switch#  dotlx  re-authenticate  interface  gigabitethernetO/1 


Related  Commands      Command  Description 


dotlx  reauthentication  Enables  periodic  re-authentication  of  the  client. 

dotlx  timeout  reauth-period  Sets  the  number  of  seconds  between  re-authentication 

attempts. 
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doflx  reauthentication 


Use  the  dotlx  reauthentication  interface  configuration  command  to  enable  periodic  re-authentication 
of  the  client.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

dotlx  reauthentication 

no  dotlx  reauthentication 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Periodic  re-authentication  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines        You  configure  the  amount  of  time  between  periodic  re-authentication  attempts  by  using  the  dotlx 
timeout  reauth-period  interface  configuration  command. 


Examples 


This  example  shows  how  to  disable  periodic  re-authentication  of  the  client: 

Switch (config-if) #  no  dotlx  reauthentication 

This  example  shows  how  to  enable  periodic  re-authentication  and  to  set  the  number  of  seconds  between 
re-authentication  attempts  to  4000  seconds: 

Switch (config-if ) #  dotlx  reauthentication 

Switch (config-if ) #  dotlx  timeout  reauth-period  4000 

You  can  verify  your  settings  by  entering  the  show  dotlx  [interface  interface-id]  privileged  EXEC 
command. 


Related  Commands 


Command 

dotlx  re-authenticate 


Description 

Manually  initiates  a  re-authentication  of  all  IEEE  802.1x-enabled 
ports. 


dotlx  timeout  reauth-period       Sets  the  number  of  seconds  between  re-authentication  attempts. 


show  dotlx  [interface 

interface-id] 


Displays  IEEE  802.  lx  status  for  the  specified  port. 
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Use  the  dotlx  timeout  interface  configuration  command  to  set  IEEE  802.  lx  timers.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting. 

dotlx  timeout  {quiet-period  seconds  I  ratelimit-period  seconds  I  reauth-period  {seconds  I 
server}  I  server-timeout  seconds  I  supp-timeout  seconds  I  tx-period  seconds] 

no  dotlx  timeout  {quiet-period  I  reauth-period  I  server-timeout  I  supp-timeout  I  tx-period} 


Syntax  Description       quiet-period  seconds         Number  of  seconds  that  the  switch  remains  in  the  quiet  state  following  a 

failed  authentication  exchange  with  the  client.  The  range  is  1  to  65535. 

ratelimit-period  seconds    Number  of  seconds  that  the  switch  ignores  Extensible  Authentication 

Protocol  over  LAN  (EAPOL)  packets  from  clients  that  have  been 
successfully  authenticated  during  this  duration.  The  range  is  1  to  65535. 

Set  the  number  of  seconds  between  re-authentication  attempts. 
The  keywords  have  these  meanings: 

•  seconds — Sets  the  number  of  seconds  from  1  to  65535;  the  default  is 
3600  seconds. 

•  server — Sets  the  number  of  seconds  as  the  value  of  the 
Session-Timeout  RADIUS  attribute  (Attribute[27]). 

server-timeout  seconds      Number  of  seconds  that  the  switch  waits  for  the  retransmission  of  packets 

by  the  switch  to  the  authentication  server.  The  range  is  30  to  65535. 

supp-timeout  seconds       Number  of  seconds  that  the  switch  waits  for  the  retransmission  of  packets 

by  the  switch  to  the  IEEE  802.  lx  client.  The  range  is  30  to  65535. 

tx-period  seconds  Number  of  seconds  that  the  switch  waits  for  a  response  to  an 

EAP-request/identity  frame  from  the  client  before  retransmitting  the 
request.  The  range  is  5  to  65535. 


reauth-period  { seconds  I 
server} 


Defaults  These  are  the  default  settings: 

reauth-period  is  3600  seconds, 
quiet-period  is  60  seconds, 
tx-period  is  5  seconds, 
supp-timeout  is  30  seconds, 
server-timeout  is  30  seconds, 
rate-limit  is  1  second. 


Command  Modes        Interface  configuration 
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Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  range  for  tx-period  keyword  was  changed,  and  the  reauth-period 

server  keywords  were  added. 

12.2(25)SEE 

The  ratelimit-period  keyword  was  introduced. 

Usage  Guidelines        You  should  change  the  default  value  of  this  command  only  to  adjust  for  unusual  circumstances  such  as 
unreliable  links  or  specific  behavioral  problems  with  certain  clients  and  authentication  servers. 

The  dotlx  timeout  reauth-period  interface  configuration  command  affects  the  behavior  of  the  switch 
only  if  you  have  enabled  periodic  re-authentication  by  using  the  dotlx  reauthentication  interface 
configuration  command. 

During  the  quiet  period,  the  switch  does  not  accept  or  initiate  any  authentication  requests.  If  you  want 
to  provide  a  faster  response  time  to  the  user,  enter  a  number  smaller  than  the  default. 

When  the  ratelimit-period  is  set  to  0  (the  default),  the  switch  does  not  ignore  EAPOL  packets  from 
clients  that  have  been  successfully  authenticated  and  forwards  them  to  the  RADIUS  server. 


Examples  This  example  shows  how  to  enable  periodic  re-authentication  and  to  set  4000  as  the  number  of  seconds 

between  re-authentication  attempts: 

Switch (conf ig-if ) #  dotlx  reauthentication 
Switch(conf ig-if ) #  dotlx  timeout  reauth-period  4000 

This  example  shows  how  to  enable  periodic  re-authentication  and  to  specify  the  value  of  the 
Session-Timeout  RADIUS  attribute  as  the  number  of  seconds  between  re-authentication  attempts: 

Switch (conf ig-if ) #  dotlx  reauthentication 

Switch (conf ig-if ) #  dotlx  timeout  reauth-period  server 

This  example  shows  how  to  set  30  seconds  as  the  quiet  time  on  the  switch: 

Switch (conf ig-if ) #  dotlx  timeout  quiet-period  30 

This  example  shows  how  to  set  45  seconds  as  the  switch-to-authentication  server  retransmission  time: 

Switch (conf ig) #  dotlx  timeout  server-timeout  45 

This  example  shows  how  to  set  45  seconds  as  the  switch-to-client  retransmission  time  for  the  EAP 
request  frame: 

Switch (conf ig-if ) #  dotlx  timeout  supp-timeout  45 

This  example  shows  how  to  set  60  as  the  number  of  seconds  to  wait  for  a  response  to  an 
EAP-request/identity  frame  from  the  client  before  re-transmitting  the  request: 

Switch (conf ig-if ) #  dotlx  timeout  tx-period  60 

This  example  shows  how  to  set  30  as  the  number  of  seconds  that  the  switch  ignores  EAPOL  packets  from 
successfully  authenticated  clients: 

Switch (conf ig-if ) #  dotlx  timeout  ratelimit-period  30 

You  can  verify  your  settings  by  entering  the  show  dotlx  privileged  EXEC  command. 
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Related  Commands      Command  Description 


dotlx  max-req 

Sets  the  maximum  number  of  times  that  the  switch  sends  an 

EAP-request/identity  frame  before  restarting  the  authentication  process. 

dotlx  reauthentication 

Enables  periodic  re-authentication  of  the  client. 

show  dotlx 

Displays  IEEE  802. lx  status  for  all  ports. 
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duplex 


Use  the  duplex  interface  configuration  command  to  specify  the  duplex  mode  of  operation  for  a  port.  Use 
the  no  form  of  this  command  to  return  the  port  to  its  default  value. 

duplex  {auto  I  full  I  half} 

no  duplex 


Syntax  Description  auto 


full 


Enable  automatic  duplex  configuration;  port  automatically  detects  whether  it 
should  run  in  full-  or  half-duplex  mode,  depending  on  the  attached  device  mode. 

Enable  full-duplex  mode. 


half  Enable  half-duplex  mode  (only  for  interfaces  operating  at  10  or  100  Mb/s).  You 

cannot  configure  half-duplex  mode  for  interfaces  operating  at  1000  or 
10,000  Mb/s. 


Defaults 


The  default  is  auto  for  Gigabit  Ethernet  ports. 

The  default  is  full  for  100BASE-X  (where  -x  is  -BX,  -FX,  -FX-FE,  or  -  LX)  SFP  modules. 

Duplex  options  are  not  supported  on  the  1000BASE-X  (where  -x  is  -BX,  -CWDM,  -LX,  ,  or  -ZX)  SFP 
modules. 

For  information  about  which  SFP  modules  are  supported  on  your  switch,  see  the  product  release  notes. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


For  Gigabit  Ethernet  ports,  setting  the  port  to  auto  has  the  same  effect  as  specifying  full  if  the  attached 
device  does  not  autonegotiate  the  duplex  parameter. 


Note  Half-duplex  mode  is  supported  on  Gigabit  Ethernet  interfaces  if  the  duplex  mode  is  auto  and  the 
connected  device  is  operating  at  half  duplex.  However,  you  cannot  configure  these  interfaces  to 
operate  in  half-duplex  mode. 


Certain  ports  can  be  configured  to  be  either  full  duplex  or  half  duplex.  Applicability  of  this  command 
depends  on  the  device  to  which  the  switch  is  attached. 

If  both  ends  of  the  line  support  autonegotiation,  we  highly  recommend  using  the  default  autonegotiation 
settings.  If  one  interface  supports  autonegotiation  and  the  other  end  does  not,  configure  duplex  and  speed 
on  both  interfaces;  do  use  the  auto  setting  on  the  supported  side. 
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If  the  speed  is  set  to  auto,  the  switch  negotiates  with  the  device  at  the  other  end  of  the  link  for  the  speed 
setting  and  then  forces  the  speed  setting  to  the  negotiated  value.  The  duplex  setting  remains  as 
configured  on  each  end  of  the  link,  which  could  result  in  a  duplex  setting  mismatch. 

You  can  configure  the  duplex  setting  when  the  speed  is  set  to  auto. 

A   

Caution      Changing  the  interface  speed  and  duplex  mode  configuration  might  shut  down  and  re-enable  the 
interface  during  the  reconfiguration. 


For  guidelines  on  setting  the  switch  speed  and  duplex  parameters,  see  the  "Configuring  Interface 
Characteristics"  chapter  in  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  configure  an  interface  for  full-duplex  operation: 

Switch (config) #  interface  gigabitethernetO/1 

Switch ( config-if ) #  duplex  full 

You  can  verify  your  setting  by  entering  the  show  interfaces  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  interfaces 

Displays  the  interface  settings  on  the  switch. 

speed 

Sets  the  speed  on  a  10/100/1000  Mb/s  interface. 
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errdisable  detect  cause 

Use  the  errdisable  detect  cause  global  configuration  command  to  enable  error-disabled  detection  for  a 
specific  cause  or  all  causes.  Use  the  no  form  of  this  command  to  disable  the  error-disabled  detection 
feature. 

errdisable  detect  cause  {all  I  bpduguard  I  dhcp-rate-limit  I  dtp-flap  I  gbic-invalid  I  inline-power 
I  link-flap  I  loopback  I  pagp-flap  I  sfp-config-mismatch } 

no  errdisable  detect  cause  {all  I  bpduguard  I  dhcp-rate-limit  I  dtp-flap  I  gbic-invalid  I 
inline-power  I  link-flap  I  pagp-flap  I  sfp-config-mismatch} 

For  the  BPDU  guard  and  port-security  features,  you  can  use  this  command  to  globally  configure  the 
switch  to  shut  down  just  the  offending  VLAN  on  the  port  when  a  violation  occurs,  instead  of  shutting 
down  the  entire  port. 

When  the  per- VLAN  error-disable  feature  is  turned  off  and  a  BPDU  guard  violation  occurs,  the  entire 
port  is  disabled.  Use  the  no  form  of  this  command  to  disable  the  per- VLAN  error-disable  feature. 

errdisable  detect  cause  bpduguard  shutdown  vlan 

no  errdisable  detect  cause  bpduguard  shutdown  vlan 


Syntax  Description      all  Enable  error  detection  for  all  error-disabled  causes. 


bpduguard  shutdown  vlan 

Enable  per- VLAN  error-disable  for  BPDU  guard. 

dhcp-rate-limit 

Enable  error  detection  for  DHCP  snooping. 

dtp-flap 

Enable  error  detection  for  the  Dynamic  Trunking  Protocol  (DTP) 

flapping. 

gbic-invalid 

Enable  error  detection  for  an  invalid  Gigabit  Interface  Converter 

(GBIC)  module. 

Note     This  error  refers  to  an  invalid  small  form-factor  pluggable 

(SFP)  module. 

inline-power 

Enable  error  detection  for  inline  power. 

link-flap 

Enable  error  detection  for  link-state  flapping. 

loopback 

Enable  error  detection  for  detected  loopbacks. 

pagp-flap 

Enable  error  detection  for  the  Port  Aggregation  Protocol  (PAgP)  flap 

error-disabled  cause. 

Command  Default       Detection  is  enabled  for  all  causes. 


Command  Modes        Global  configuration 
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Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(37)SE 

The  Per-VLAN  error-detection  feature  was  added.  The  bpduguard, 

inline-power  and  sfp-mismatch  keywords  were  added. 

Usage  Guidelines       A  cause  (link-flap,  dhcp-rate-limit,  and  so  forth)  is  the  reason  why  the  error-disabled  state  occurred. 

When  a  cause  is  detected  on  a  port,  the  port  is  placed  in  an  error-disabled  state,  an  operational  state  that 
is  similar  to  a  link-down  state. 

When  a  port  is  error-disabled,  it  is  effectively  shut  down,  and  no  traffic  is  sent  or  received  on  the  port.  For  the 
BPDU  guard  and  port-security  features,  you  can  configure  the  switch  to  shut  down  just  the  offending 
VLAN  on  the  port  when  a  violation  occurs,  instead  of  shutting  down  the  entire  port. 

If  you  set  a  recovery  mechanism  for  the  cause  by  entering  the  errdisable  recovery  global  configuration 
command  for  the  cause,  the  port  is  brought  out  of  the  error-disabled  state  and  allowed  to  retry  the 
operation  when  all  causes  have  timed  out.  If  you  do  not  set  a  recovery  mechanism,  you  must  enter  the 
shutdown  and  then  the  no  shutdown  commands  to  manually  recover  a  port  from  the  error-disabled  state. 


Examples  This  example  shows  how  to  enable  error-disabled  detection  for  the  link-flap  error-disabled  cause: 

Switch (config) #  errdisable  detect  cause  link-flap 

This  command  shows  how  to  globally  configure  BPDU  guard  for  per- VLAN  error  disable: 

Switch (config) #  errdisable  detect  cause  bpduguard  shutdown  vlan 

You  can  verify  your  setting  by  entering  the  show  errdisable  detect  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  errdisable  detect  Displays  error-disabled  detection  information. 

show  interfaces  status  err-disabled        Displays  interface  status  or  a  list  of  interfaces  in  the 

error-disabled  state. 

clear  errdisable  interface  Clears  the  error-disabled  state  from  a  port  or  VLAN  that 

was  error  disabled  by  the  per-VLAN  error  disable  feature. 
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errdisable  recovery 

Use  the  errdisable  recovery  global  configuration  command  to  configure  the  recover  mechanism 
variables.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

errdisable  recovery  {cause  {all  I  bpduguard  I  channel-misconfig  I  dhcp-rate-limit  I  dtp-flap  I 
gbic-invalid  I  inline-power  I  link-flap  I  loopback  I  pagp-flap  I  psecure-violation  I 
security-violation  I  sfp-mismatch  I  udld  I  vmps}  I  {interval  interval} 

no  errdisable  recovery  {cause  {all  I  bpduguard  I  channel-misconfig  I  dhcp-rate-limit  I  dtp-flap 
I  gbic-invalid  I  inline-power  I  link-flap  I  loopback  I  pagp-flap  I  psecure-violation  I 
security- violation  I  sfp-mismatch  I  udld  I  vmps}  I  {interval  interval} 


Syntax  Description      cause  Enable  the  error-disabled  mechanism  to  recover  from  a  specific  cause. 
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all 

Enable  the  timer  to  recover  from  all  error-disabled  causes. 

bpduguard 

Enable  the  timer  to  recover  from  the  bridge  protocol  data  unit  (BPDU)  guard 
error-disabled  state. 

channel-misconfig 

Enable  the  timer  to  recover  from  the  EtherChannel  misconfiguration 
error-disabled  state. 

dhcp-rate-limit 

Enable  the  timer  to  recover  from  the  DHCP  snooping  error-disabled  state. 

dtp-flap 

Enable  the  timer  to  recover  from  the  Dynamic  Trunking  Protocol  (DTP)  flap 
error-disabled  state. 

gbic-invalid 

Enable  the  timer  to  recover  from  an  invalid  Gigabit  Interface  Converter 
(GBIC)  module  error-disabled  state. 

Note     This  error  refers  to  an  invalid  small  form-factor  pluggable  (SFP) 
error-disabled  state. 

inline-power 

Enable  error  detection  for  inline-power. 

link-flap 

Enable  the  timer  to  recover  from  the  link-flap  error-disabled  state. 

loopback 

Enable  the  timer  to  recover  from  a  loopback  error-disabled  state. 

pagp-flap 

Enable  the  timer  to  recover  from  the  Port  Aggregation  Protocol  (PAgP)-flap 
error-disabled  state. 

psecure-violation 

Enable  the  timer  to  recover  from  a  port  security  violation  disable  state. 

security-violation 

Enable  the  timer  to  recover  from  an  IEEE  802.  lx- violation  disabled  state. 

sfp-config-mismatch 

Enable  error  detection  on  an  SFP  configuration  mismatch. 

udld 

Enable  the  timer  to  recover  from  the  UniDirectional  Link  Detection  (UDLD) 
error-disabled  state. 

vmps 

Enable  the  timer  to  recover  from  the  VLAN  Membership  Policy  Server 
(VMPS)  error-disabled  state. 

interval  interval 

Specify  the  time  to  recover  from  the  specified  error-disabled  state.  The  range 
is  30  to  86400  seconds.  The  same  interval  is  applied  to  all  causes.  The  default 
interval  is  300  seconds. 

Note     The  error-disabled  recovery  timer  is  initialized  at  a  random 

differential  from  the  configured  interval  value.  The  difference 
between  the  actual  timeout  value  and  the  configured  value  can  be  up 
to  15  percent  of  the  configured  interval. 
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Note      Though  visible  in  the  command-line  help  strings,  the  ilpower,  storm-control,  and  unicast-flood 

keywords  are  not  supported. 


Defaults 


Recovery  is  disabled  for  all  causes. 

The  default  recovery  interval  is  300  seconds. 


Command  Modes 


Global  configuration 


Command  History 


Release 


12.2(25)SE1 


12.2(37)SE 


Modification 


This  command  was  introduced. 


The  per-VLAN  error-detection  feature  was  added.  The  inline-power  and 
sfp-mismatch  keywords  were  added. 


Usage  Guidelines 


A  cause  (link-flap,  bpduguard,  and  so  forth)  is  defined  as  the  reason  that  the  error-disabled  state 
occurred.  When  a  cause  is  detected  on  a  port,  the  port  is  placed  in  the  error-disabled  state,  an  operational 
state  similar  to  link-down  state. 

When  a  port  is  error-disabled,  it  is  effectively  shut  down,  and  no  traffic  is  sent  or  received  on  the  port.  For  the 
BPDU  guard  and  port-security  features,  you  can  configure  the  switch  to  shut  down  just  the  offending 
VLAN  on  the  port  when  a  violation  occurs,  instead  of  shutting  down  the  entire  port. 

If  you  do  not  enable  the  recovery  for  the  cause,  the  port  stays  in  the  error-disabled  state  until  you  enter 
the  shutdown  and  the  no  shutdown  interface  configuration  commands.  If  you  enable  the  recovery  for  a 
cause,  the  port  is  brought  out  of  the  error-disabled  state  and  allowed  to  retry  the  operation  again  when 
all  the  causes  have  timed  out. 

Otherwise,  you  must  enter  the  shutdown  and  then  the  no  shutdown  commands  to  manually  recover  a 
port  from  the  error-disabled  state. 


Examples 


This  example  shows  how  to  enable  the  recovery  timer  for  the  BPDU  guard  error-disabled  cause: 

Switch (config) #  errdisable  recovery  cause  bpduguard 

This  example  shows  how  to  set  the  timer  to  500  seconds: 

Switch (config) #  errdisable  recovery  interval  500 

You  can  verify  your  settings  by  entering  the  show  errdisable  recovery  privileged  EXEC  command. 
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Related  Commands      Command  Description 


show  errdisable  recovery 

Displays  error-disabled  recovery  timer  information. 

show  interfaces  status 

Displays  interface  status  or  a  list  of  interfaces  in  error-disabled 

err-disabled 

state. 

clear  errdisable  interface 

Clears  the  error-disabled  state  from  a  port  or  VLAN  that  was  error 

disabled  by  the  per- VLAN  error  disable  feature. 
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exception  crashinfo 


Use  the  exception  crashinfo  global  configuration  command  to  configure  the  switch  to  create  the 
extended  crashinfo  file  when  the  Cisco  10S  image  fails.  Use  the  no  form  of  this  command  to  disable  this 
feature. 

exception  crashinfo 

no  exception  crashinfo 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  switch  creates  the  extended  crashinfo  file. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SED 


This  command  was  introduced. 


Usage  Guidelines 


The  basic  crashinfo  file  includes  the  Cisco  10S  image  name  and  version  that  failed  and  a  list  of  the 
processor  registers.  The  extended  crashinfo  file  includes  additional  information  that  can  help  determine 
the  cause  of  the  switch  failure. 

Use  the  no  exception  crashinfo  global  configuration  command  to  configure  the  switch  to  not  create  the 
extended  crashinfo  file. 


Examples 


This  example  shows  how  to  configure  the  switch  to  not  create  the  extended  crashinfo  file: 

Switch (config) #  no  exception  crashinfo 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  running-config 


Displays  the  operating  configuration,  including  defined  macros. 
For  syntax  information,  select  Cisco  IOS  Configuration 
Fundamentals  Command  Reference,  Release  12.2  >  File 
Management  Commands  >  Configuration  File  Management 
Commands. 
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fallback  profile 

Use  the  fallback  profile  global  configuration  command  on  the  switch  stack  or  on  a  standalone  switch  to 
create  a  fallback  profile  for  web  authentication.  To  return  to  the  default  setting,  use  the  no  form  of  this 
command. 

fallback  profile  profile 

no  fallback  profile 


Syntax  Description      profile  Specify  the  fallback  profile  for  clients  that  do  not  support  IEEE  802.  lx 

authentication. 


Defaults  No  fallback  profile  is  configured. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(35)SE  This  command  was  introduced. 


Usage  Guidelines       The  fallback  profile  is  used  to  define  the  IEEE  802. lx  fallback  behavior  for  IEEE  802. lx  ports  that  do 
not  have  supplicants.  The  only  supported  behavior  is  to  fall  back  to  web  authentication. 

After  entering  the  fallback  profile  command,  you  enter  profile  configuration  mode,  and  these 
configuration  commands  are  available: 

•  ip:  Create  an  IP  configuration. 

•  access-group:  Specify  access  control  for  packets  sent  by  hosts  that  have  not  yet  been  authenticated. 

•  admission:  Apply  an  IP  admission  rule. 


Examples  This  example  shows  how  to  create  a  fallback  profile  to  be  used  with  web  authentication: 

Switch#  configure  terminal 

Switch (config) #  ip  admission  name  rulel  proxy  http 

Switch (config) #  fallback  profile  profilel 

Switch (conf ig-f allback-prof ile) #  ip  access-group  default -policy  in 

Switch (conf ig-f allback-prof ile) #  ip  admission  rulel 

Switch (conf ig-f allback-prof ile) #  exit 

Switch (conf ig) #  interface  gigabitethernet  1/0/1 

Switch (conf ig-if) #  dotlx  fallback  profilel 

Switch (conf ig-if) #  end 

You  can  verify  your  settings  by  entering  the  show  running-configuration  [interface  interface-id] 
privileged  EXEC  command. 
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Related  Commands      Command  Description 


dotlx  fallback 

Configure  a  port  to  use  web  authentication  as  a  fallback 

method  for  clients  that  do  not  support  IEEE  802.  lx 

authentication. 

ip  admission 

Enable  web  authentication  on  a  switch  port 

ip  admission  name  proxy  http 

Enable  web  authentication  globally  on  a  switch 

show  dotlx  [interface  interface-id] 

Displays  IEEE  802.  lx  status  for  the  specified  port. 

show  fallback  profile 

Display  the  configured  profiles  on  a  switch. 
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flowcontrol 

Use  the  flowcontrol  interface  configuration  command  to  set  the  receive  flow-control  state  for  an 
interface.  When  flow  control  send  is  operable  and  on  for  a  device  and  it  detects  any  congestion  at  its 
end,  it  notifies  the  link  partner  or  the  remote  device  of  the  congestion  by  sending  a  pause  frame.  When 
flow  control  receive  is  on  for  a  device  and  it  receives  a  pause  frame,  it  stops  sending  any  data  packets. 
This  prevents  any  loss  of  data  packets  during  the  congestion  period. 

Use  the  receive  off  keywords  to  disable  flow  control, 
flowcontrol  receive  { desired  I  off  I  on } 


Note 

The  switch  can  receive,  but  not  send,  pause  frames. 

Syntax  Description 

receive          Set  whether  the  interface  can  receive  flow-control  packets  from  a  remote  device. 

desired          Allow  an  interface  to  operate  with  an  attached  device  that  is  required  to  send 

flow-control  packets  or  with  an  attached  device  that  is  not  required  to  but  can  send 
flow-control  packets. 

off                Turn  off  the  ability  of  an  attached  device  to  send  flow-control  packets  to  an  interface. 

on                Allow  an  interface  to  operate  with  an  attached  device  that  is  required  to  send 

flow-control  packets  or  with  an  attached  device  that  is  not  required  to  but  can  send 
flow-control  packets. 

Defaults 

The  default  is  flowcontrol  receive  off. 

Command  Modes 

Interface  configuration 

Command  History 

Release  Modification 

12.2(25)SE1                  This  command  was  introduced. 

Usage  Guidelines       The  switch  does  not  support  sending  flow-control  pause  frames. 

Note  that  the  on  and  desired  keywords  have  the  same  result. 

When  you  use  the  flowcontrol  command  to  set  a  port  to  control  traffic  rates  during  congestion,  you  are 
setting  flow  control  on  a  port  to  one  of  these  conditions: 

•  receive  on  or  desired:  The  port  cannot  send  pause  frames,  but  can  operate  with  an  attached  device 
that  is  required  to  or  is  able  to  send  pause  frames.  The  port  can  receive  pause  frames. 

•  receive  off:  Flow  control  does  not  operate  in  either  direction.  In  case  of  congestion,  no  indication  is 
given  to  the  link  partner,  and  no  pause  frames  are  sent  or  received  by  either  device. 
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Table  2-5  shows  the  flow  control  results  on  local  and  remote  ports  for  a  combination  of  settings.  The 
table  assumes  that  receive  desired  has  the  same  results  as  using  the  receive  on  keywords. 

Table  2-5    Flow  Control  Settings  and  Local  and  Remote  Port  Flow  Control  Resolution 


Flow  Control  Settings 

Flow  Control  Resolution 

Local  Device 

Remote  Device 

Local  Device 

Remote  Device 

send  off/receive  on 

send  on/receive  on 
send  on/receive  off 
send  desired/receive  on 
send  desired/receive  off 
send  off/receive  on 
send  off/receive  off 

Receives  only 
Receives  only 
Receives  only 
Receives  only 
Receives  only 
Does  not  send  or  receive 

Sends  and  receives 

Sends  only 

Sends  and  receives 

Sends  only 

Receives  only 

Does  not  send  or  receive 

send  off/receive  off 

send  on/receive  on 
send  on/receive  off 
send  desired/receive  on 
send  desired/receive  off 
send  off/receive  on 
send  off/receive  off 

Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 

Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 
Does  not  send  or  receive 

Examples  This  example  shows  how  to  configure  the  local  port  to  not  support  flow  control  by  the  remote  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch ( config-if ) #  flowcontrol  receive  off 

You  can  verify  your  settings  by  entering  the  show  interfaces  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  interfaces  Displays  the  interface  settings  on  the  switch,  including  input  and  output  flow 

control. 
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interface  port-channel 

Use  the  interface  port-channel  global  configuration  command  to  access  or  create  the  port-channel 
logical  interface.  Use  the  no  form  of  this  command  to  remove  the  port-channel. 

interface  port-channel  port-channel-number 

no  interface  port-channel  port-channel-number 


Syntax  Description      port-channel-number      Port-channel  number.  The  range  is  1  to  48. 


Defaults  No  port-channel  logical  interfaces  are  defined. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        For  Layer  2  EtherChannels,  you  do  not  have  to  create  a  port-channel  interface  first  before  assigning  a 
physical  port  to  a  channel  group.  Instead,  you  can  use  the  channel-group  interface  configuration 
command.  It  automatically  creates  the  port-channel  interface  when  the  channel  group  gets  its  first 
physical  port.  If  you  create  the  port-channel  interface  first,  the  channel- group-number  can  be  the  same 
as  the  port-channel-number,  or  you  can  use  a  new  number.  If  you  use  a  new  number,  the  channel-group 
command  dynamically  creates  a  new  port  channel. 

Only  one  port  channel  in  a  channel  group  is  allowed. 

Follow  these  guidelines  when  you  use  the  interface  port-channel  command: 

•  If  you  want  to  use  the  Cisco  Discovery  Protocol  (CDP),  you  must  configure  it  only  on  the  physical 
port  and  not  on  the  port-channel  interface. 

•  Do  not  configure  a  port  that  is  an  active  member  of  an  EtherChannel  as  an  IEEE  802.  lx  port.  If 
IEEE  802.  lx  is  enabled  on  a  not-yet  active  port  of  an  EtherChannel,  the  port  does  not  join  the 
EtherChannel. 

For  a  complete  list  of  configuration  guidelines,  see  the  "Configuring  EtherChannels"  chapter  in  the 
software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  create  a  port-channel  interface  with  a  port  channel  number  of  5: 

Switch (config) #  interface  port-channel  5 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  or  show 
etherchannel  channel-group-number  detail  privileged  EXEC  command. 
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Related  Commands      Command  Description 

channel-group  Assigns  an  Ethernet  port  to  an  EtherChannel  group, 

show  etherchannel         Displays  EtherChannel  information  for  a  channel. 

show  running-config      Displays  the  current  operating  configuration.  For  syntax  information,  select 

Cisco  IOS  Configuration  Fundamentals  Command  Reference,  Release  12.2 
>  File  Management  Commands  >  Configuration  File  Management 
Commands. 
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interface  range 

Use  the  interface  range  global  configuration  command  to  enter  interface  range  configuration  mode  and 
to  execute  a  command  on  multiple  ports  at  the  same  time.  Use  the  no  form  of  this  command  to  remove 
an  interface  range. 

interface  range  {port-range  I  macro  name} 

no  interface  range  {port-range  I  macro  name] 


Syntax  Description      port-range  Port  range.  For  a  list  of  valid  values  for  port-range,  see  the  "Usage  Guidelines" 

section. 

macro  name  Specify  the  name  of  a  macro. 


Defaults  This  command  has  no  default  setting. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        When  you  enter  interface  range  configuration  mode,  all  interface  parameters  you  enter  are  attributed  to 
all  interfaces  within  the  range. 

For  VLANs,  you  can  use  the  interface  range  command  only  on  existing  VLAN  switch  virtual  interfaces 
(SVIs).  To  display  VLAN  SVIs,  enter  the  show  running-config  privileged  EXEC  command.  VLANs  not 
displayed  cannot  be  used  in  the  interface  range  command.  The  commands  entered  under  interface 
range  command  are  applied  to  all  existing  VLAN  SVIs  in  the  range. 

All  configuration  changes  made  to  an  interface  range  are  saved  to  NVRAM,  but  the  interface  range  itself 
is  not  saved  to  NVRAM. 

You  can  enter  the  interface  range  in  two  ways: 

•  Specifying  up  to  five  interface  ranges 

•  Specifying  a  previously  defined  interface-range  macro 

All  interfaces  in  a  range  must  be  the  same  type;  that  is,  all  Gigabit  Ethernet  ports,  all  EtherChannel  ports, 
or  all  VLANs.  However,  you  can  define  up  to  five  interface  ranges  with  a  single  command,  with  each 
range  separated  by  a  comma. 
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Valid  values  for  port-range  type  and  interface: 
•    vlan  vlan-ID,  where  VLAN  ID  is  from  1  to  4094 


Note     Although  the  command-line  interface  (CLI)  shows  options  to  set  multiple  VLANs,  these  are 
not  supported. 

•  gigabitethernet  module/ {first port]  -  {last port},  where  module  is  always  0 
For  physical  interfaces: 

-  module  is  always  0 

-  the  range  is  type  Olnumber  -  number  (for  example,  gigabitethernetO/1  -  2) 

•  port-channel  port-channel-number  -  port-channel-number,  where  port-channel-number  is  from  1 
to  48 


Note     When  you  use  the  interface  range  command  with  port  channels,  the  first  and  last  port 
channel  number  in  the  range  must  be  active  port  channels. 

When  you  define  a  range,  you  must  enter  a  space  between  the  first  entry  and  the  hyphen  (-): 

interface  range  gigabitethernetO/1  -2 

When  you  define  multiple  ranges,  you  must  still  enter  a  space  after  the  first  entry  and  before  the 
comma  (,): 

gigabitethernetO/1  -  2,   gigabitethernetO/11  -  12 

interface  range  gigabitethernetO/1  -  2,  gigabitethernet2/0/5  -  7 

You  cannot  specify  both  a  macro  and  an  interface  range  in  the  same  command. 

You  can  also  specify  a  single  interface  in  port-range.  The  command  is  then  similar  to  the  interface 
interface-id  global  configuration  command. 

For  more  information  about  configuring  interface  ranges,  see  the  software  configuration  guide  for  this 
release. 


Examples  This  example  shows  how  to  use  the  interface  range  command  to  enter  interface-range  configuration 

mode  to  apply  commands  to  two  ports: 

Switch (config) #  interface  range  gigabitethernetO/1  -  2 

Switch (conf ig-if-range) # 

This  example  shows  how  to  use  a  port-range  macro  macrol  for  the  same  function.  The  advantage  is  that 
you  can  reuse  macrol  until  you  delete  it. 

Switch (conf ig) #  define  interface-range  macrol  gigabitethernetO/1  -  2 
Switch (conf ig) #  interface  range  macro  macrol 

Switch (conf ig-if-range) # 


Related  Commands 
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Command 

Description 

define  interface-range 

Creates  an  interface  range  macro. 

show  running-config 

Displays  the  configuration  information  currently  running  on  the  switch.  For 
syntax  information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management  Commands  > 
Configuration  File  Management  Commands. 
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interface  vlan 

Use  the  interface  vlan  global  configuration  command  to  create  or  access  a  VLAN  and  to  enter  interface 
configuration  mode.  Use  the  no  form  of  this  command  to  delete  a  VLAN. 

interface  vlan  vlan- id 

no  interface  vlan  vlan-id 


Syntax  Description      vlan-id  VLAN  number.  The  range  is  1  to  4094. 


Defaults  The  default  VLAN  interface  is  VLAN  1. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       VLANs  are  created  the  first  time  that  you  enter  the  interface  vlan  vlan-id  command  for  a  particular 

VLAN.  The  vlan-id  corresponds  to  the  VLAN-tag  associated  with  data  frames  on  an  ISL  or  IEEE  802. 1Q 
encapsulated  trunk  or  the  VLAN  ID  configured  for  an  access  port. 

If  you  delete  a  VLAN  by  entering  the  no  interface  vlan  vlan-id  command,  the  deleted  interface  is  no 
longer  visible  in  the  output  from  the  show  interfaces  privileged  EXEC  command. 

X   

Note      You  cannot  delete  the  VLAN  1  interface. 


You  can  re-instate  a  deleted  VLAN  by  entering  the  interface  vlan  vlan-id  command  for  the  deleted 
interface.  The  interface  comes  back  up,  but  the  previous  configuration  is  gone. 


Examples  This  example  shows  how  to  create  a  new  VLAN  with  VLAN  ID  23  and  to  enter  interface  configuration 

mode: 

Switch (config) #  interface  vlan  23 

Switch (conf ig-if ) # 

You  can  verify  your  setting  by  entering  the  show  interfaces  and  show  interfaces  vlan  vlan-id  privileged 
EXEC  commands. 


Related  Commands      Command  Description 

show  interfaces  vlan  vlan-id  Displays  the  administrative  and  operational  status  of  all 

interfaces  or  the  specified  VLAN. 
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ip  access-group 

Use  the  ip  access-group  interface  configuration  command  to  control  access  to  a  Layer  2  interface.  Use 
the  no  form  of  this  command  to  remove  all  access  groups  or  the  specified  access  group  from  the 
interface. 

ip  access-group  {access-list-number  I  name}  {in} 
no  ip  access-group  [access-list-number  I  name]  {in} 


Syntax  Description       access-list-number  The  number  of  the  IP  access  control  list  (ACL).  The  range  is  1  to  199  or 

1300  to  2699. 


name 

The  name  of  an  IP  ACL,  specified  in  the  ip  access-list  global  configuration 

command. 

in 

Specify  filtering  on  inbound  packets. 

Defaults  No  access  list  is  applied  to  the  interface. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  apply  named  or  numbered  standard  or  extended  IP  access  lists  to  an  interface.  To  define  an 
access  list  by  name,  use  the  ip  access-list  global  configuration  command.  To  define  a  numbered 
access  list,  use  the  access  list  global  configuration  command.  You  can  used  numbered  standard  access 
lists  ranging  from  1  to  99  and  1300  to  1999  or  extended  access  lists  ranging  from  100  to  199  and 
2000  to  2699. 

You  can  use  this  command  to  apply  an  access  list  to  a  Layer  2  interface.  However,  note  these  limitations 
for  port  ACLs: 

•  You  can  only  apply  ACLs  in  the  inbound  direction. 

•  You  can  only  apply  one  IP  ACL  and  one  MAC  ACL  per  interface. 

•  Port  ACLs  do  not  support  logging;  if  the  log  keyword  is  specified  in  the  IP  ACL,  it  is  ignored. 

•  An  IP  ACL  applied  to  an  interface  only  filters  IP  packets.  To  filter  non-IP  packets,  use  the  mac 
access-group  interface  configuration  command  with  MAC  extended  ACLs. 

You  can  use  input  port  ACLs  and  VLAN  maps  on  the  same  switch.  However,  a  port  ACL  takes 
precedence  over  a  VLAN  map.  When  both  an  input  port  ACL  and  a  VLAN  map  are  applied,  incoming 
packets  received  on  ports  with  the  port  ACL  applied  are  filtered  by  the  port  ACL.  Other  packets  are 
filtered  by  the  VLAN  map. 
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For  standard  inbound  access  lists,  after  the  switch  receives  a  packet,  it  checks  the  source  address  of  the 
packet  against  the  access  list.  IP  extended  access  lists  can  optionally  check  other  fields  in  the  packet, 
such  as  the  destination  IP  address,  protocol  type,  or  port  numbers.  If  the  access  list  permits  the  packet, 
the  switch  continues  to  process  the  packet.  If  the  access  list  denies  the  packet,  the  switch  discards  the 
packet. 

If  the  specified  access  list  does  not  exist,  all  packets  are  passed. 


Examples  This  example  shows  how  to  apply  IP  access  list  101  to  inbound  packets  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  ip  access-group  101  in 

You  can  verify  your  settings  by  entering  the  show  ip  interface,  show  access-lists,  or  show  ip 
access-lists  privileged  EXEC  command. 


Related  Commands  Command 

access  list 


ip  access-list 


show  access-lists 


show  ip  access-lists 


show  ip  interface 


Description 

Configures  a  numbered  ACL.  For  syntax  information,  select  Cisco 
IOS  IP  Command  Reference,  Volume  1  of  3:  Addressing  and 
Services,  Release  12.2  >  IP  Services  Commands 

Configures  a  named  ACL.  For  syntax  information,  select  Cisco  IOS 
IP  Command  Reference,  Volume  1  of  3:Addressing  and 
Services,  Release  12.2  >  IP  Services  Commands. 


Displays  ACLs  configured  on  the  switch. 


Displays  IP  ACLs  configured  on  the  switch.  For  syntax 
information,  select  Cisco  IOS  IP  Command  Reference,  Volume  1 
of  3:Addressing  and  Services,  Release  12.2  >  IP  Services 
Commands. 

Displays  information  about  interface  status  and  configuration.  For 
syntax  information,  select  Cisco  IOS  IP  Command  Reference, 
Volume  1  of  3:Addressing  and  Services,  Release  12.2  >  IP 
Services  Commands. 
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ip  address 


Use  the  ip  address  interface  configuration  command  to  set  an  IP  address  for  the  Layer  2  switch.  Use  the 
no  form  of  this  command  to  remove  an  IP  address  or  to  disable  IP  processing. 

ip  address  ip-address  subnet-mask  [secondary] 

no  ip  address  [ip-address  subnet-mask]  [secondary] 


Syntax  Description  ip-address 


IP  address. 


subnet-mask 


Mask  for  the  associated  IP  subnet. 


secondary  (Optional)  Specifies  that  the  configured  address  is  a  secondary  IP  address.  If 

this  keyword  is  omitted,  the  configured  address  is  the  primary  IP  address. 


Defaults 


No  specific  IP  address  is  defined. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


X 

Note 


If  you  remove  the  switch  IP  address  through  a  Telnet  session,  your  connection  to  the  switch  will  be  lost. 

Hosts  can  find  subnet  masks  using  the  Internet  Control  Message  Protocol  (ICMP)  Mask  Request 
message.  Routers  respond  to  this  request  with  an  ICMP  Mask  Reply  message. 

You  can  disable  IP  processing  on  a  particular  interface  by  removing  its  IP  address  with  the  no  ip  address 
command.  If  the  switch  detects  another  host  using  one  of  its  IP  addresses,  it  will  send  an  error  message 
to  the  console. 

You  can  use  the  optional  keyword  secondary  to  specify  an  unlimited  number  of  secondary  addresses. 
Secondary  addresses  are  treated  like  primary  addresses,  except  the  system  never  generates  datagrams 
other  than  routing  updates  with  secondary  source  addresses.  IP  broadcasts  and  ARP  requests  are  handled 
properly,  as  are  interface  routes  in  the  IP  routing  table. 


If  any  router  on  a  network  segment  uses  a  secondary  address,  all  other  devices  on  that  same  segment 
must  also  use  a  secondary  address  from  the  same  network  or  subnet.  Inconsistent  use  of  secondary 
addresses  on  a  network  segment  can  very  quickly  cause  routing  loops. 


If  your  switch  receives  its  IP  address  from  a  Bootstrap  Protocol  (BOOTP)  or  a  DHCP  server  and  you 
remove  the  switch  IP  address  by  using  the  no  ip  address  command,  IP  processing  is  disabled,  and  the 
BOOTP  or  the  DHCP  server  cannot  reassign  the  address. 
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I ip  address 


Examples  This  example  shows  how  to  configure  the  IP  address  for  the  Layer  2  switch  on  a  subnetted  network: 

Switch (config) #  interface  vlan  1 

Switch (config-if ) #  ip  address  172.20.128.2  255.255.255.0 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 
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ip  admission 


Use  the  ip  admission  interface  configuration  command  to  enable  web  authentication.  You  can  also  use 
this  command  in  fallback-profile  mode.  Use  the  no  form  of  this  command  to  disable  web  authentication. 

ip  admission  rule 

no  ip  admission 


Syntax  Description 


rule 


Apply  an  IP  admission  rule  to  the  interface. 


Command  Modes        Global  configuration 


Command  History  Release 


12.2(35)SE 


Modification 


This  command  was  introduced. 


Usage  Guidelines       The  ip  admission  command  applies  a  web  authentication  rule  to  a  switch  port. 


Examples 


This  example  shows  how  to  apply  a  web  authentication  rule  to  a  switchport: 

Switch#  configure  terminal 

Switch (config) #  interface  gigabitethernetl/0/1 
Switch (config-if) #  ip  admission  rulel 

This  example  shows  how  to  apply  a  web  authentication  rule  to  a  fallback  profile  for  use  on  an 
IEEE  802.  lx  enabled  switch  port. 

Switch#  configure  terminal 

Switch (config) #  fallback  profile  profilel 

Switch (config) #  ip  admission  name  rulel 

Switch (config) #  end 


Related  Commands 


Command 

dotlx  fallback 

fallback  profile 


Description 

Configure  a  port  to  use  web  authentication  as  a  fallback  method  for  clients 
that  do  not  support  IEEE  802.  lx  authentication. 

Enable  web  authentication  on  a  port 


ip  admission  name 
proxy  http 


Enable  web  authentication  globally  on  a  switch 


show  ip  admission 


Displays  information  about  NAC  cached  entries  or  the  NAC  configuration. 
For  more  information,  see  the  Network  Admission  Control  Software 
Configuration  Guide  on  Cisco.com. 
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ip  admission  name  proxy  http 

Use  the  ip  admission  name  proxy  http  global  configuration  command  to  enable  web  authentication. 
Use  the  no  form  of  this  command  to  disable  web  authentication. 

ip  admission  name  proxy  http 

no  ip  admission  name  proxy  http 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Web  authentication  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(35)SE  This  command  was  introduced. 


Usage  Guidelines       The  ip  admission  name  proxy  http  command  globally  enables  web  authentication  on  a  switch. 

After  you  enable  web  authentication  on  a  switch,  use  the  ip  access-group  in  and  ip  admission  web-rule 
interface  configuration  commands  to  enable  web  authentication  on  a  specific  interface. 


Examples  This  example  shows  how  to  configure  only  web  authentication  on  a  switchport: 

Switch#  configure  terminal 

Switch (config)    ip  admission  name  http-rule  proxy  http 
Switch (config) #  interface  gigabitethernetl/0/1 

Switch (config-if)  #  ip  access-group  101  in 
Switchfconf ig-if ) #  ip  admission  rule 
Switch (config-if ) #  end 

This  example  shows  how  to  configure  IEEE  802.  lx  authentication  with  web  authentication  as  a  fallback 
mechanism  on  a  switchport. 

Switch#  configure  terminal 

Switch (config) #  ip  admission  name  rule2  proxy  http 
Switch (config) #  fallback  profile  profilel 
Switch (config) #  ip  access  group  101  in 
Switch (config) #  ip  admission  name  rule2 
Switch (config) #  interface  gigabitethernetl/0/1 
Switch (config-if ) #  dotlx  port-control  auto 
Switch (config-if ) #  dotlx  fallback  profilel 
Switch (config-if ) #  end 
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Related  Commands      Command  Description 


dotlx  fallback 

Configure  a  port  to  use  web  authentication  as  a  fallback  method  for  clients 

that  do  not  support  IEEE  802.  lx  authentication. 

fallback  profile 

Create  a  web  authentication  fallback  profile. 

ip  admission 

Enable  web  authentication  on  a  port 

show  ip  admission 

Displays  information  about  NAC  cached  entries  or  the  NAC  configuration. 

For  more  information,  see  the  Network  Admission  Control  Software 

Configuration  Guide  on  Cisco.com. 

I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


2-127 


I    ip  dhcp  snooping 


Chapter  2     CGESM  Switch  Cisco  IPS  Commands  | 


ipdhcp  snooping 


Use  the  ip  dhcp  snooping  global  configuration  command  to  globally  enable  DHCP  snooping.  Use  the 
no  form  of  this  command  to  return  to  the  default  setting. 

ip  dhcp  snooping 

no  ip  dhcp  snooping 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


DHCP  snooping  is  disabled. 


Command  Modes        Global  configuration 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


For  any  DHCP  snooping  configuration  to  take  effect,  you  must  globally  enable  DHCP  snooping. 

DHCP  snooping  is  not  active  until  you  enable  snooping  on  a  VLAN  by  using  the  ip  dhcp  snooping  vlan 
vlan-id  global  configuration  command. 


Examples 


This  example  shows  how  to  enable  DHCP  snooping: 

Switch (config) #  ip  dhcp  snooping 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 


Related  Commands 


Command 

Description 

ip  dhcp  snooping  vlan 

Enables  DHCP  snooping  on  a  VLAN. 

show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping  binding 

Displays  the  DHCP  snooping  binding  information. 
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ip  dhcp  snooping  information  option  11 


ip  dhcp  snooping  information  option 


Use  the  ip  dhcp  snooping  information  option  global  configuration  command  to  enable  DHCP 
option-82  data  insertion.  Use  the  no  form  of  this  command  to  disable  DHCP  option-82  data  insertion. 

ip  dhcp  snooping  information  option 

no  ip  dhcp  snooping  information  option 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


DHCP  option-82  data  is  inserted. 


Command  Modes        Global  configuration 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


You  must  globally  enable  DHCP  snooping  by  using  the  ip  dhcp  snooping  global  configuration 
command  for  any  DHCP  snooping  configuration  to  take  effect. 

When  the  option-82  feature  is  enabled  and  a  switch  receives  a  DHCP  request  from  a  host,  it  adds  the 
option-82  information  in  the  packet.  The  option-82  information  contains  the  switch  MAC  address  (the 
remote  ID  suboption)  and  the  port  identifier,  vlan-mod-port,  from  which  the  packet  is  received  (circuit 
ID  suboption).  The  switch  forwards  the  DHCP  request  that  includes  the  option-82  field  to  the  DHCP 
server. 

When  the  DHCP  server  receives  the  packet,  it  can  use  the  remote  ID,  the  circuit  ID,  or  both  to  assign  IP 
addresses  and  implement  policies,  such  as  restricting  the  number  of  IP  addresses  that  can  be  assigned  to 
a  single  remote  ID  or  a  circuit  ID.  Then  the  DHCP  server  echoes  the  option-82  field  in  the  DHCP  reply. 

The  DHCP  server  unicasts  the  reply  to  the  switch  if  the  request  was  relayed  to  the  server  by  the  switch. 
When  the  client  and  server  are  on  the  same  subnet,  the  server  broadcasts  the  reply.  The  switch  inspects 
the  remote  ID  and  possibly  the  circuit  ID  fields  to  verify  that  it  originally  inserted  the  option-82  data. 
The  switch  removes  the  option-82  field  and  forwards  the  packet  to  the  switch  port  that  connects  to  the 
DHCP  host  that  sent  the  DHCP  request. 


Examples 


This  example  shows  how  to  enable  DHCP  option-82  data  insertion: 

Switch (config) #  ip  dhcp  snooping  information  option 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 
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Related  Commands 


Command 

Description 

show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping  binding 

Displays  the  DHCP  snooping  binding  information. 
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ip  dhcp  snooping  limit  rate  M 


ip  dhcp  snooping  limit  rate 

Use  the  ip  dhcp  snooping  limit  rate  interface  configuration  command  to  configure  the  number  of  DHCP 
messages  an  interface  can  receive  per  second.  Use  the  no  form  of  this  command  to  return  to  the  default 
setting. 

ip  dhcp  snooping  limit  rate  rate 
no  ip  dhcp  snooping  limit  rate 


Syntax  Description       rate  Number  of  DHCP  messages  an  interface  can  receive  per  second.  The  range  is  1  to 

2048. 


Defaults  DHCP  snooping  rate  limiting  is  disabled. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  Normally,  the  rate  limit  applies  to  untrusted  interfaces.  If  you  want  to  configure  rate  limiting  for  trusted 
interfaces,  keep  in  mind  that  trusted  interfaces  might  aggregate  DHCP  traffic  on  multiple  VLANs  (some 
of  which  might  not  be  snooped)  in  the  switch,  and  you  will  need  to  adjust  the  interface  rate  limits  to  a 
higher  value. 

If  the  rate  limit  is  exceeded,  the  interface  is  error-disabled.  If  you  enabled  error  recovery  by  entering  the 
errdisable  recovery  dhcp-rate-limit  global  configuration  command,  the  interface  retries  the  operation 
again  when  all  the  causes  have  timed  out.  If  the  error-recovery  mechanism  is  not  enabled,  the  interface 
stays  in  the  error-disabled  state  until  you  enter  the  shutdown  and  no  shutdown  interface  configuration 
commands. 


Examples  This  example  shows  how  to  set  a  message  rate  limit  of  150  messages  per  second  on  an  interface: 

Switch (config-if) #  ip  dhcp  snooping  limit  rate  150 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 


Related  Commands      Command  Description 


errdisable  recovery 

Configures  the  recover  mechanism. 

show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping  binding 

Displays  the  DHCP  snooping  binding  information. 
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ip  dhcp  snooping  trust 


Use  the  ip  dhcp  snooping  trust  interface  configuration  command  to  configure  a  port  as  trusted  for 
DHCP  snooping  purposes.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

ip  dhcp  snooping  trust 

no  ip  dhcp  snooping  trust 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


DHCP  snooping  trust  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines        Configure  as  trusted  ports  those  that  are  connected  to  a  DHCP  server  or  to  other  switches  or  routers. 
Configure  as  untrusted  ports  those  that  are  connected  to  DHCP  clients. 


Examples 


This  example  shows  how  to  enable  DHCP  snooping  trust  on  a  port: 

Switch(conf ig-if ) #  ip  dhcp  snooping  trust 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 


Related  Commands 


Command 

Description 

show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping  binding 

Displays  the  DHCP  snooping  binding  information. 
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ip  dhcp  snooping  verify  B 


ip  dhcp  snooping  verify 


Use  the  ip  dhcp  snooping  verify  global  configuration  command  to  configure  the  switch  to  verify  on  an 
untrusted  port  that  the  source  MAC  address  in  a  DHCP  packet  matches  the  client  hardware  address.  Use 
the  no  form  of  this  command  to  configure  the  switch  to  not  verify  the  MAC  addresses. 

ip  dhcp  snooping  verify  mac-address 

no  ip  dhcp  snooping  verify  mac-address 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  switch  verifies  the  source  MAC  address  in  a  DHCP  packet  that  is  received  on  untrusted  ports 
matches  the  client  hardware  address  in  the  packet. 


Command  Modes        Global  configuration 


Command  History 
Usage  Guidelines 


In  a  service-provider  network,  when  a  switch  receives  a  packet  from  a  DHCP  client  on  an  untrusted  port, 
it  automatically  verifies  that  the  source  MAC  address  and  the  DHCP  client  hardware  address  match.  If 
the  addresses  match,  the  switch  forwards  the  packet.  If  the  addresses  do  not  match,  the  switch  drops  the 
packet. 


Examples 


This  example  shows  how  to  disable  the  MAC  address  verification: 

Switch ( config) #  no  ip  dhcp  snooping  verify  mac-address 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 


Related  Commands 


Command 

show  ip  dhcp  snooping 


Description 

Displays  the  DHCP  snooping  configuration. 
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ipdhcp  snooping  vlan 

Use  the  ip  dhcp  snooping  vlan  global  configuration  command  to  enable  DHCP  snooping  on  a  VLAN. 
Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

ip  dhcp  snooping  vlan  vlan-range 

no  ip  dhcp  snooping  vlan  vlan-range 


Syntax  Description       vlan  vlan-range     Specify  a  VLAN  ID  or  a  range  of  VLANs  on  which  to  enable  DHCP  snooping.  The 

range  is  1  to  4094. 

You  can  enter  a  single  VLAN  ID  identified  by  VLAN  ID  number,  a  series  of  VLAN 
IDs  separated  by  commas,  a  range  of  VLAN  IDs  separated  by  hyphens,  or  a  range 
of  VLAN  IDs  separated  by  entering  the  starting  and  ending  VLAN  IDs  separated 
by  a  space. 


Defaults  DHCP  snooping  is  disabled  on  all  VLANs. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       You  must  first  globally  enable  DHCP  snooping  before  enabling  DHCP  snooping  on  a  VLAN. 


Examples  This  example  shows  how  to  enable  DHCP  snooping  on  VLAN  10: 

Switch (config) #  ip  dhcp  snooping  vlan  10 

You  can  verify  your  settings  by  entering  the  show  ip  dhcp  snooping  user  EXEC  command. 


Related  Commands      Command  Description 


show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping  binding 

Displays  the  DHCP  snooping  binding  information. 
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ip  igmp  filter  I 


ip  igmp  filter 

Use  the  ip  igmp  filter  interface  configuration  command  to  control  whether  or  not  all  hosts  on  a  Layer  2 
interface  can  join  one  or  more  IP  multicast  groups  by  applying  an  Internet  Group  Management  Protocol 
(IGMP)  profile  to  the  interface.  Use  the  no  form  of  this  command  to  remove  the  specified  profile  from 
the  interface. 

ip  igmp  filter  profile  number 

no  ip  igmp  filter 


Syntax  Description      profile  number        The  IGMP  profile  number  to  be  applied.  The  range  is  1  to  4294967295. 


Defaults  No  IGMP  filters  are  applied. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  apply  IGMP  filters  only  to  Layer  2  physical  interfaces;  you  cannot  apply  IGMP  filters  to  ports 
that  belong  to  an  EtherChannel  group. 

An  IGMP  profile  can  be  applied  to  one  or  more  switch  port  interfaces,  but  one  port  can  have  only  one 
profile  applied  to  it. 


Examples  This  example  shows  how  to  apply  IGMP  profile  22  to  a  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  ip  igmp  filter  22 

You  can  verify  your  setting  by  using  the  show  running-config  privileged  EXEC  command  and  by 
specifying  an  interface. 
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Related  Commands      Command  Description 


ip  igmp  profile 

Configures  the  specified  IGMP  profile  number. 

show  ip  dhcp  snooping 

Displays  the  characteristics  of  the  specified  IGMP  profile. 

statistics 

show  running-config  interface  Displays  the  running  configuration  on  the  switch  interface,  including 
interface-id  the  IGMP  profile  (if  any)  that  is  applied  to  an  interface.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 


Command  Reference,  Release  12.2  >  File  Management  Commands 
>  Configuration  File  Management  Commands. 
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ip  igmp  max-groups  I 


ip  igmp  max-groups 

Use  the  ip  igmp  max-groups  interface  configuration  command  to  set  the  maximum  number  of  Internet 
Group  Management  Protocol  (IGMP)  groups  that  a  Layer  2  interface  can  join  or  to  configure  the  IGMP 
throttling  action  when  the  maximum  number  of  entries  is  in  the  forwarding  table.  Use  the  no  form  of  this 
command  to  set  the  maximum  back  to  the  default,  which  is  to  have  no  maximum  limit,  or  to  return  to  the 
default  throttling  action,  which  is  to  drop  the  report. 

ip  igmp  max-groups  {number  I  action  {deny  I  replace}} 

no  ip  igmp  max-groups  [number  I  action} 


Syntax  Description       number  The  maximum  number  of  IGMP  groups  that  an  interface  can  join.  The  range  is  0  to 

4294967294.  The  default  is  no  limit. 

action  deny     When  the  maximum  number  of  entries  is  in  the  IGMP  snooping  forwarding  table,  drop 
the  next  IGMP  join  report.  This  is  the  default  action. 

action  When  the  maximum  number  of  entries  is  in  the  IGMP  snooping  forwarding  table, 

replace  replace  the  existing  group  with  the  new  group  for  which  the  IGMP  report  was  received. 


Defaults  The  default  maximum  number  of  groups  is  no  limit. 

After  the  switch  learns  the  maximum  number  of  IGMP  group  entries  on  an  interface,  the  default 
throttling  action  is  to  drop  the  next  IGMP  report  that  the  interface  receives  and  to  not  add  an  entry  for 
the  IGMP  group  to  the  interface. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  use  this  command  only  on  Layer  2  physical  interfaces  and  on  logical  EtherChannel  interfaces. 
You  cannot  set  IGMP  maximum  groups  for  ports  that  belong  to  an  EtherChannel  group. 

Follow  these  guidelines  when  configuring  the  IGMP  throttling  action: 

•  If  you  configure  the  throttling  action  as  deny  and  set  the  maximum  group  limitation,  the  entries  that 
were  previously  in  the  forwarding  table  are  not  removed  but  are  aged  out.  After  these  entries  are 
aged  out,  when  the  maximum  number  of  entries  is  in  the  forwarding  table,  the  switch  drops  the  next 
IGMP  report  received  on  the  interface. 

•  If  you  configure  the  throttling  action  as  replace  and  set  the  maximum  group  limitation,  the  entries 
that  were  previously  in  the  forwarding  table  are  removed.  When  the  maximum  number  of  entries  is 
in  the  forwarding  table,  the  switch  replaces  a  randomly  selected  multicast  entry  with  the  received 
IGMP  report. 

•  When  the  maximum  group  limitation  is  set  to  the  default  (no  maximum),  entering  the  ip  igmp 
max-groups  {deny  I  replace}  command  has  no  effect. 
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Examples  This  example  shows  how  to  limit  to  25  the  number  of  IGMP  groups  that  a  port  can  join: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  ip  igmp  max-groups  25 

This  example  shows  how  to  configure  the  switch  to  replace  the  existing  group  with  the  new  group  for 
which  the  IGMP  report  was  received  when  the  maximum  number  of  entries  is  in  the  forwarding  table: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if ) #  ip  igmp  max-groups  action  replace 

You  can  verify  your  setting  by  using  the  show  running-config  privileged  EXEC  command  and  by 
specifying  an  interface. 


Related  Commands  Command 


Description 


show  running-config  interface 

interface-id 


Displays  the  running  configuration  on  the  switch  interface,  including 
the  maximum  number  of  IGMP  groups  that  an  interface  can  join  and 
the  throttling  action.  For  syntax  information,  select  Cisco  IOS 
Configuration  Fundamentals  Command  Reference,  Release  12.2  > 
File  Management  Commands  >  Configuration  File  Management 
Commands. 
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ip  igmp  profile  I 


ip  igmp  profile 


Use  the  ip  igmp  profile  global  configuration  command  to  create  an  Internet  Group  Management 
Protocol  (IGMP)  profile  and  enter  IGMP  profile  configuration  mode.  From  this  mode,  you  can  specify 
the  configuration  of  the  IGMP  profile  to  be  used  for  filtering  IGMP  membership  reports  from  a 
switchport.  Use  the  no  form  of  this  command  to  delete  the  IGMP  profile. 

ip  igmp  profile  profile  number 

no  ip  igmp  profile  profile  number 


Syntax  Description      profile  number        The  IGMP  profile  number  being  configured.  The  range  is  1  to  4294967295. 


Defaults 


No  IGMP  profiles  are  defined.  When  configured,  the  default  action  for  matching  an  IGMP  profile  is  to 
deny  matching  addresses. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


When  you  are  in  IGMP  profile  configuration  mode,  you  can  create  the  profile  by  using  these  commands: 

•  deny:  specifies  that  matching  addresses  are  denied;  this  is  the  default  condition. 

•  exit:  exits  from  igmp-profile  configuration  mode. 

•  no:  negates  a  command  or  resets  to  its  defaults. 

•  permit:  specifies  that  matching  addresses  are  permitted. 

•  range:  specifies  a  range  of  IP  addresses  for  the  profile.  This  can  be  a  single  IP  address  or  a  range 
with  a  start  and  an  end  address. 

When  entering  a  range,  enter  the  low  IP  multicast  address,  a  space,  and  the  high  IP  multicast  address. 

You  can  apply  an  IGMP  profile  to  one  or  more  Layer  2  interfaces,  but  each  interface  can  have  only  one 
profile  applied  to  it. 


Examples 


This  example  shows  how  to  configure  IGMP  profile  40  that  permits  the  specified  range  of  IP  multicast 
addresses: 

Switch (config) #  ip  igmp  profile  40 

Switch (conf ig-igmp-prof ile) #  permit 

Switch (conf ig-igmp-prof ile) #  range  233.1.1.1  233.255.255.255 

You  can  verify  your  settings  by  using  the  show  ip  igmp  profile  privileged  EXEC  command. 
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Related  Commands      Command  Description 


ip  igmp  filter 

Applies  the  IGMP  profile  to  the  specified  interface. 

show  ip  dhcp  snooping 
statistics 

Displays  the  characteristics  of  all  IGMP  profiles  or  the  specified 
IGMP  profile  number. 
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ip  igmp  snooping 


Use  the  ip  igmp  snooping  global  configuration  command  to  globally  enable  Internet  Group 
Management  Protocol  (IGMP)  snooping  on  the  switch  or  to  enable  it  on  a  per-VLAN  basis.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

ip  igmp  snooping  [vlan  vlan-id] 

no  ip  igmp  snooping  [vlan  vlan-id] 


Syntax  Description      vlan  vlan-id 


(Optional)  Enable  IGMP  snooping  on  the  specified  VLAN.  The  range  is  1  to 
1001  and  1006  to  4094. 


Defaults 


IGMP  snooping  is  globally  enabled  on  the  switch. 
IGMP  snooping  is  enabled  on  VLAN  interfaces. 


Command  Modes 


Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


When  IGMP  snooping  is  enabled  globally,  it  is  enabled  in  all  the  existing  VLAN  interfaces.  When  IGMP 
snooping  is  globally  disabled,  it  is  disabled  on  all  the  existing  VLAN  interfaces. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 


Examples 


This  example  shows  how  to  globally  enable  IGMP  snooping: 

Switch (config) #  ip  igmp  snooping 

This  example  shows  how  to  enable  IGMP  snooping  on  VLAN  1 : 

Switch ( config) #  ip  igmp  snooping  vlan  1 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
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Related  Commands      Command  Description 


ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 

show  ip  igmp  snooping 

Displays  the  snooping  configuration. 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information. 

show  ip  igmp  snooping  mrouter 

Displays  the  IGMP  snooping  router  ports. 

show  ip  igmp  snooping  querier 

Displays  the  configuration  and  operation  information  for 
the  IGMP  querier  configured  on  a  switch. 
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ip  igmp  snooping  last-member-query-interval  M, 


ip  igmp  snooping  last-member-query-interval 

Use  the  ip  igmp  snooping  last-member-query-interval  global  configuration  command  to  enable  the 
Internet  Group  Management  Protocol  (IGMP)  configurable-leave  timer  globally  or  on  a  per-VLAN 
basis.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

ip  igmp  snooping  [vlan  vlan-id]  last-member-query-interval  time 

no  ip  igmp  snooping  [vlan  vlan-id]  last-member-query-interval 


Syntax  Descriptiont      vlan  vlan-id  (Optional)  Enable  IGMP  snooping  and  the  leave  timer  on  the  specified 

VLAN.  The  range  is  1  to  1001  and  1006  to  4094. 

time  Interval  time  out  in  seconds.  The  range  is  100  to  5000  milliseconds. 


Defaults  The  default  timeout  setting  is  1000  milliseconds. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced 


Usage  Guidelines       When  IGMP  snooping  is  globally  enabled,  IGMP  snooping  is  enabled  on  all  the  existing  VLAN 

interfaces.  When  IGMP  snooping  is  globally  disabled,  IGMP  snooping  is  disabled  on  all  the  existing 
VLAN  interfaces. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

Configuring  the  leave  timer  on  a  VLAN  overrides  the  global  setting. 

The  IGMP  configurable  leave  time  is  only  supported  on  devices  running  IGMP  Version  2. 

The  configuration  is  saved  in  NVRAM. 


Examples  This  example  shows  how  to  globally  enable  the  IGMP  leave  timer  for  2000  milliseconds: 

Switch (config) #  ip  igmp  snooping  last-member-query-interval  2000 

This  example  shows  how  to  configure  the  IGMP  leave  timer  for  3000  milliseconds  on  VLAN  1: 

Switch (config) #  ip  igmp  snooping  vlan  1  last-member-query-interval  3000 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
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Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  vlan  immediate-leave 

Enables  IGMP  Immediate-Leave  processing. 

ip  igmp  snooping  vlan  mrouter 

Configures  a  Layer  2  port  as  a  multicast  router  port. 

ip  igmp  snooping  vlan  static 

Configures  a  Layer  2  port  as  a  member  of  a  group. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration. 
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ip  igmp  snooping  querier  I 


ip  igmp  snooping  querier 


Use  the  ip  igmp  snooping  querier  global  configuration  command  to  globally  enable  the  Internet  Group 
Management  Protocol  (IGMP)  querier  function  in  Layer  2  networks.  Use  the  command  with  keywords 
to  enable  and  configure  the  IGMP  querier  feature  on  a  VLAN  interface.  Use  the  no  form  of  this 
command  to  return  to  the  default  settings. 

ip  igmp  snooping  querier  [vlan  vlan-id]  [address  ip-address  I  max-response-time  response-time 
I  query-interval  interval-count  I  ten  query  [count  count  I  interval  interval]  I  timer  expiry  I 
version  version] 

no  ip  igmp  snooping  querier  [vlan  vlan-id]  [address  I  max-response-time  I  query-interval  I  ten 
query  {  count  count  I  interval  interval]  I  timer  expiry  I  version] 


Syntax  Description      vlan  vlan-id 

address  ip-address 

max-response-time 

response-time 

query-interval 

interval-count 

ten  query[count  count 
I  interval  interval] 


(Optional)  Enable  IGMP  snooping  and  the  IGMP  querier  function  on  the 
specified  VLAN.  The  range  is  1  to  1001  and  1006  to  4094. 

(Optional)  Specify  a  source  IP  address.  If  you  do  not  specify  an  IP  address, 
the  querier  tries  to  use  the  global  IP  address  configured  for  the  IGMP  querier. 

(Optional)  Set  the  maximum  time  to  wait  for  an  IGMP  querier  report.  The  range 
is  1  to  25  seconds. 


(Optional)  Set  the  interval  between  IGMP  queriers.  The  range  is  1  to  18000 
seconds. 

(Optional)  Set  parameters  related  to  Topology  Change  Notifications  (TCNs). 
The  keywords  have  these  meanings: 

•  count  count — Set  the  number  of  TCN  queries  to  be  executed  during  the 
TCN  interval  time.  The  range  is  1  to  10. 

•  interval  interval — Set  the  TCN  query  interval  time.  The  range  is  1  to 
255. 

timer  expiry  (Optional)  Set  the  length  of  time  until  the  IGMP  querier  expires.  The  range 

is  60  to  300  seconds. 

version  version  (Optional)  Select  the  IGMP  version  number  that  the  querier  feature  uses. 

Select  1  or  2. 


Defaults 


The  IGMP  snooping  querier  feature  is  globally  disabled  on  the  switch. 

When  enabled,  the  IGMP  snooping  querier  disables  itself  if  it  detects  IGMP  traffic  from  a 
multicast-enabled  device. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SED 


Modification 

This  command  was  introduced 
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Usage  Guidelines        Use  this  command  to  enable  IGMP  snooping  to  detect  the  IGMP  version  and  IP  address  of  a  device  that 
sends  IGMP  query  messages,  which  is  also  called  a  querier. 

By  default,  the  IGMP  snooping  querier  is  configured  to  detect  devices  that  use  IGMP  Version  2 
(IGMPv2)  but  does  not  detect  clients  that  are  using  IGMP  Version  1  (IGMPvl).  You  can  manually 
configure  the  max-response-time  value  when  devices  use  IGMPv2.  You  cannot  configure  the 
max-response-time  when  devices  use  IGMPvl.  (The  value  cannot  be  configured  and  is  set  to  zero). 

Non-RFC  compliant  devices  running  IGMPvl  might  reject  IGMP  general  query  messages  that  have  a 
non-zero  value  as  the  max-response-time  value.  If  you  want  the  devices  to  accept  the  IGMP  general  query 
messages,  configure  the  IGMP  snooping  querier  to  run  IGMPvl. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 


Examples  This  example  shows  how  to  globally  enable  the  IGMP  snooping  querier  feature: 

Switch (config) #  ip  igmp  snooping  querier 

This  example  shows  how  to  set  the  IGMP  snooping  querier  maximum  response  time  to  25  seconds: 

Switch (config) #  ip  igmp  snooping  querier  max-response-time  25 

This  example  shows  how  to  set  the  IGMP  snooping  querier  interval  time  to  60  seconds: 

Switch (config) #  ip  igmp  snooping  querier  query- interval  60 

This  example  shows  how  to  set  the  IGMP  snooping  querier  TCN  query  count  to  25: 

Switch (config) #  ip  igmp  snooping  querier  ten  count  25 

This  example  shows  how  to  set  the  IGMP  snooping  querier  timeout  to  60  seconds: 

Switch (config) #  ip  igmp  snooping  querier  timeout  expiry  60 

This  example  shows  how  to  set  the  IGMP  snooping  querier  feature  to  version  2: 

Switch ( config) #  ip  igmp  snooping  querier  version  2 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 


Related  Commands      Command  Description 


ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration. 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information. 

show  ip  igmp  snooping  mrouter 

Displays  the  IGMP  snooping  router  ports. 
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ip  igmp  snooping  report-suppression  I 


ip  igmp  snooping  report-suppression 


Use  the  ip  igmp  snooping  report-suppression  global  configuration  command  to  enable  Internet  Group 
Management  Protocol  (IGMP)  report  suppression.  Use  the  no  form  of  this  command  to  disable  IGMP 
report  suppression  and  to  forward  all  IGMP  reports  to  multicast  routers. 

ip  igmp  snooping  report-suppression 

no  ip  igmp  snooping  report-suppression 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


IGMP  report  suppression  is  enabled. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


IGMP  report  suppression  is  supported  only  when  the  multicast  query  has  IGMPvl  and  IGMPv2  reports. 
This  feature  is  not  supported  when  the  query  includes  IGMPv3  reports. 

The  switch  uses  IGMP  report  suppression  to  forward  only  one  IGMP  report  per  multicast  router  query 
to  multicast  devices.  When  IGMP  router  suppression  is  enabled  (the  default),  the  switch  sends  the  first 
IGMP  report  from  all  hosts  for  a  group  to  all  the  multicast  routers.  The  switch  does  not  send  the 
remaining  IGMP  reports  for  the  group  to  the  multicast  routers.  This  feature  prevents  duplicate  reports 
from  being  sent  to  the  multicast  devices. 

If  the  multicast  router  query  includes  requests  only  for  IGMPvl  and  IGMPv2  reports,  the  switch 
forwards  only  the  first  IGMPvl  or  IGMPv2  report  from  all  hosts  for  a  group  to  all  the  multicast  routers. 
If  the  multicast  router  query  also  includes  requests  for  IGMPv3  reports,  the  switch  forwards  all  IGMPv  1 , 
IGMPv2,  and  IGMPv3  reports  for  a  group  to  the  multicast  devices. 

If  you  disable  IGMP  report  suppression  by  entering  the  no  ip  igmp  snooping  report-suppression 

command,  all  IGMP  reports  are  forwarded  to  all  the  multicast  routers. 


Examples 


This  example  shows  how  to  disable  report  suppression: 

Switch (config) #  no  ip  igmp  snooping  report-suppression 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
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Related  Commands 


Command 

Description 

ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration  of  the  switch  or  the  VLAN. 
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ip  igmp  snooping  ten  I 


ip  igmp  snooping  ten 

Use  the  ip  igmp  snooping  ten  global  configuration  command  to  configure  the  Internet  Group 
Management  Protocol  (IGMP)  Topology  Change  Notification  (TCN)  behavior.  Use  the  no  form  of  this 
command  to  return  to  the  default  settings. 

ip  igmp  snooping  ten  {flood  query  count  count  I  query  solicit} 

no  ip  igmp  snooping  ten  {flood  query  count  I  query  solicit} 


Syntax  Description      flood  query  count  count   Specify  the  number  of  IGMP  general  queries  for  which  the  multicast  traffic 

is  flooded.  The  range  is  1  to  10. 

query  solicit  Send  an  IGMP  leave  message  (global  leave)  to  speed  the  process  of 

recovering  from  the  flood  mode  caused  during  a  TCN  event. 


Defaults  The  TCN  flood  query  count  is  2. 

The  TCN  query  solicitation  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Use  ip  igmp  snooping  ten  flood  query  count  global  configuration  command  to  control  the  time  that 
multicast  traffic  is  flooded  after  a  TCN  event.  If  you  set  the  TCN  flood  query  count  to  1  by  using  the  ip 
igmp  snooping  ten  flood  query  count  command,  the  flooding  stops  after  receiving  1  general  query.  If 
you  set  the  count  to  7,  the  flooding  of  multicast  traffic  due  to  the  TCN  event  lasts  until  7  general  queries 
are  received.  Groups  are  relearned  based  on  the  general  queries  received  during  the  TCN  event. 

Use  the  ip  igmp  snooping  ten  query  solicit  global  configuration  command  to  enable  the  switch  to  send 
the  global  leave  message  whether  or  not  it  is  the  spanning-tree  root.  This  command  also  speeds  the 
process  of  recovering  from  the  flood  mode  caused  during  a  TCN  event. 


Examples  This  example  shows  how  to  specify  7  as  the  number  of  IGMP  general  queries  for  which  the  multicast 

traffic  is  flooded: 

Switch (config) #  no  ip  igmp  snooping  ten  flood  query  count  7 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
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Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  ten  flood 

Specifies  flooding  on  an  interface  as  the  IGMP  snooping  spanning-tree 

TCN  behavior. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration  of  the  switch  or  the  VLAN. 
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ip  igmp  snooping  ten  flood  U 


ip  igmp  snooping  ten  flood 


Use  the  ip  igmp  snooping  ten  flood  interface  configuration  command  to  specify  multicast  flooding  as 
the  Internet  Group  Management  Protocol  (IGMP)  snooping  spanning-tree  Topology  Change  Notification 
(TCN)  behavior.  Use  the  no  form  of  this  command  to  disable  the  multicast  flooding. 

ip  igmp  snooping  ten  flood 

no  ip  igmp  snooping  ten  flood 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Multicast  flooding  is  enabled  on  an  interface  during  a  spanning-tree  TCN  event. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


When  the  switch  receives  a  TCN,  multicast  traffic  is  flooded  to  all  the  ports  until  two  general  queries  are 
received.  If  the  switch  has  many  ports  with  attached  hosts  that  are  subscribed  to  different  multicast 
groups,  the  flooding  might  exceed  the  capacity  of  the  link  and  cause  packet  loss. 

You  can  change  the  flooding  query  count  by  using  the  ip  igmp  snooping  ten  flood  query  count  count 
global  configuration  command. 


Examples 


This  example  shows  how  to  disable  the  multicast  flooding  on  an  interface: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  no  ip  igmp  snooping  ten  flood 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 


Related  Commands 


Command 

Description 

ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  ten 

Configures  the  IGMP  TCN  behavior  on  the  switch. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration  of  the  switch  or  the  VLAN. 
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ip  igmp  snooping  vlan  immediate-leave 


Use  the  ip  igmp  snooping  immediate-leave  global  configuration  command  to  enable  Internet  Group 
Management  Protocol  (IGMP)  snooping  immediate-leave  processing  on  a  per- VLAN  basis.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

ip  igmp  snooping  vlan  vlan-id  immediate-leave 

no  ip  igmp  snooping  vlan  vlan-id  immediate-leave 


Syntax  Description  vlan-id 


Enable  IGMP  snooping  and  the  Immediate-Leave  feature  on  the  specified 
VLAN.  The  range  is  1  to  1001  and  1006  to  4094. 


Defaults 


IGMP  immediate-leave  processing  is  disabled. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

You  should  configure  the  Immediate-  Leave  feature  only  when  there  is  a  maximum  of  one  receiver  on 
every  port  in  the  VLAN.  The  configuration  is  saved  in  NVRAM. 

The  Immediate-Leave  feature  is  supported  only  with  IGMP  Version  2  hosts. 


Examples 


This  example  shows  how  to  enable  IGMP  immediate-leave  processing  on  VLAN  1: 

Switch (config) #  ip  igmp  snooping  vlan  1  immediate-leave 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 


Related  Commands 


Command 

Description 

ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 

show  ip  igmp  snooping 

Displays  the  snooping  configuration. 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information. 

show  ip  igmp  snooping  mrouter 

Displays  the  IGMP  snooping  router  ports. 

show  ip  igmp  snooping  querier 

Displays  the  configuration  and  operation  information  for 
the  IGMP  querier  configured  on  a  switch. 
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ip  igmp  snooping  vlan  mrouter  IS 


ip  igmp  snooping  vlan  mrouter 

Use  the  ip  igmp  snooping  mrouter  global  configuration  command  to  add  a  multicast  router  port  or  to 
configure  the  multicast  learning  method.  Use  the  no  form  of  this  command  to  return  to  the  default 
settings. 

ip  igmp  snooping  vlan  vlan-id  mrouter  {interface  interface-id  I  learn  {cgmp  I  pim-dvmrp} } 
no  ip  igmp  snooping  vlan  vlan-id  mrouter  {interface  interface-id  I  learn  {cgmp  I  pim-dvmrp} } 


Syntax  Description      vlan-id  Enable  IGMP  snooping,  and  add  the  port  in  the  specified  VLAN  as  the 

multicast  router  port.  The  range  is  1  to  1001  and  1006  to  4094. 

interface  interface-id     Specify  the  next-hop  interface  to  the  multicast  router.  The  keywords  have 
these  meanings: 

•  gigabitethernet  interface  number — a  Gigabit  Ethernet  IEEE  802. 3z 
interface. 

•  port-channel  interface  number — a  channel  interface.  The  range  is  0 
to  48. 

learn  {cgmp  I  Specify  the  multicast  router  learning  method.  The  keywords  have  these 

pim-dvmrp}  meanings: 

•  cgmp — Set  the  switch  to  learn  multicast  router  ports  by  snooping  on 
Cisco  Group  Management  Protocol  (CGMP)  packets. 

•  pim-dvmrp — Set  the  switch  to  learn  multicast  router  ports  by  snooping 
on  IGMP  queries  and  Protocol-Independent  Multicast-Distance  Vector 
Multicast  Routing  Protocol  (PIM-DVMRP)  packets. 


Defaults  By  default,  there  are  no  multicast  router  ports. 

The  default  learning  method  is  pim-dvmrp — to  snoop  IGMP  queries  and  PIM-DVMRP  packets. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

The  CGMP  learn  method  is  useful  for  reducing  control  traffic. 
The  configuration  is  saved  in  NVRAM. 
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Examples  This  example  shows  how  to  configure  a  port  as  a  multicast  router  port: 

Switch (config) #  ip  igmp  snooping  vlan  1  mrouter  interface  gigabitethernetO/2 

This  example  shows  how  to  specify  the  multicast  router  learning  method  as  CGMP: 

Switch ( config) #  ip  igmp  snooping  vlan  1  mrouter  learn  cgmp 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
Related  Commands      Command  Description 


ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 

show  ip  igmp  snooping 

Displays  the  snooping  configuration. 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information. 

show  ip  igmp  snooping  mrouter 

Displays  the  IGMP  snooping  router  ports. 

show  ip  igmp  snooping  querier 

Displays  the  configuration  and  operation  information  for 
the  IGMP  querier  configured  on  a  switch. 
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ip  igmp  snooping  vlan  static  I 


ip  igmp  snooping  vlan  static 


Use  the  ip  igmp  snooping  static  global  configuration  command  to  enable  Internet  Group  Management 
Protocol  (IGMP)  snooping  and  to  statically  add  a  Layer  2  port  as  a  member  of  a  multicast  group.  Use 
the  no  form  of  this  command  to  remove  ports  specified  as  members  of  a  static  multicast  group. 

ip  igmp  snooping  vlan  vlan-id  static  ip-address  interface  interface-id 

no  ip  igmp  snooping  vlan  vlan-id  static  ip-address  interface  interface-id 


Syntax  Description  vlan-id 


Enable  IGMP  snooping  on  the  specified  VLAN.  The  range  is  1  to  1001 
and  1006  to  4094. 


ip-address  Add  a  Layer  2  port  as  a  member  of  a  multicast  group  with  the  specified  group 

IP  address. 

interface  interface-id     Specify  the  interface  of  the  member  port.  The  keywords  have  these 
meanings: 

•  gigabitethernet  interface  number — a  Gigabit  Ethernet  IEEE  802. 3z 
interface. 

•  port-channel  interface  number — a  channel  interface.  The  range  is  0 
to  48. 


Defaults 


By  default,  there  are  no  ports  statically  configured  as  members  of  a  multicast  group. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines        VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

The  configuration  is  saved  in  NVRAM. 


Examples 


This  example  shows  how  to  statically  configure  a  host  on  an  interface: 

Switch(conf ig) #  ip  igmp  snooping  vlan  1  static  0100 . 5e02 . 0203  interface  gigabitethernetO/1 

Configuring  port  gigabitethernetO/1  on  group  0100 . 5e02 . 0203 

You  can  verify  your  settings  by  entering  the  show  ip  igmp  snooping  privileged  EXEC  command. 
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Related  Commands      Command  Description 


ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 

show  ip  igmp  snooping 

Displays  the  snooping  configuration. 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information. 

show  ip  igmp  snooping  mrouter 

Displays  the  IGMP  snooping  router  ports. 

show  ip  igmp  snooping  querier 

Displays  the  configuration  and  operation  information  for 
the  IGMP  querier  configured  on  a  switch. 
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ip  ssh  I 


ipssh 

Use  the  ip  ssh  global  configuration  command  to  configure  the  switch  to  run  Secure  Shell  (SSH) 
Version  1  or  SSH  Version  2.  This  command  is  available  only  when  your  switch  is  running  the 
cryptographic  (encrypted)  software  image.  Use  the  no  form  of  this  command  to  return  to  the  default 
setting. 

ip  ssh  version  [1  I  2] 

no  ip  ssh  version  [1  I  2] 


Syntax  Description      1       (Optional)  Configure  the  switch  to  run  SSH  Version  1  (SSHvl). 

2       (Optional)  Configure  the  switch  to  run  SSH  Version  2  (SSHvl). 


Defaults  The  default  version  is  the  latest  SSH  version  supported  by  the  SSH  client. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  If  you  do  not  enter  this  command  or  if  you  do  not  specify  a  keyword,  the  SSH  server  selects  the  latest 
SSH  version  supported  by  the  SSH  client.  For  example,  if  the  SSH  client  supports  SSHvl  and  SSHv2, 
the  SSH  server  selects  SSHv2. 

The  switch  supports  an  SSHvl  or  an  SSHv2  server.  It  also  supports  an  SSHvl  client.  For  more 
information  about  the  SSH  server  and  the  SSH  client,  see  the  software  configuration  guide  for  this 
release. 

A  Rivest,  Shamir,  and  Adelman  (RSA)  key  pair  generated  by  an  SSHvl  server  can  be  used  by  an  SSHv2 
server  and  the  reverse. 


Examples  This  example  shows  how  to  configure  the  switch  to  run  SSH  Version  2: 

Switch (config) #  ip  ssh  version  2 

You  can  verify  your  settings  by  entering  the  show  ip  ssh  or  show  ssh  privileged  EXEC  command. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  j 


2-157 


I    ip  ssh 


Chapter  2     CGESM  Switch  Cisco  IPS  Commands  | 


Related  Commands      Command  Description 

show  ip  ssh  Displays  if  the  SSH  server  is  enabled  and  displays  the  version  and 

configuration  information  for  the  SSH  server.  For  syntax  information,  select 
Cisco  IOS  Release  12.2  Configuration  Guides  and  Command  References  > 
Cisco  IOS  Security  Command  Reference,  Release  12.2  >  Other  Security 
Features  >  Secure  Shell  Commands. 

show  ssh  Displays  the  status  of  the  SSH  server.  For  syntax  information,  select  Cisco  IOS 

Release  12.2  Configuration  Guides  and  Command  References  >  Cisco  IOS 
Security  Command  Reference,  Release  12.2  >  Other  Security  Features  > 
Secure  Shell  Commands. 
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lacp  port-priority  I 


lacp  port-priority 


Use  the  lacp  port-priority  interface  configuration  command  to  configure  the  port  priority  for  the  Link 
Aggregation  Control  Protocol  (LACP).  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

lacp  port-priority  priority 

no  lacp  port-priority 


Syntax  Description  priority 


Port  priority  for  LACP.  The  range  is  1  to  65535. 


Defaults 


The  default  is  32768. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  lacp  port-priority  interface  configuration  command  determines  which  ports  are  bundled  and  which 
ports  are  put  in  hot-standby  mode  when  there  are  more  than  eight  ports  in  an  LACP  channel  group. 

An  LACP  channel  group  can  have  up  to  16  Ethernet  ports  of  the  same  type.  Up  to  eight  ports  can  be  active, 
and  up  to  eight  ports  can  be  in  standby  mode. 

In  port-priority  comparisons,  a  numerically  lower  value  has  a  higher  priority:  When  there  are  more  than 
eight  ports  in  an  LACP  channel-group,  the  eight  ports  with  the  numerically  lowest  values  (highest 
priority  values)  for  LACP  port  priority  are  bundled  into  the  channel  group,  and  the  lower-priority  ports 
are  put  in  hot-standby  mode.  If  two  or  more  ports  have  the  same  LACP  port  priority  (for  example,  they 
are  configured  with  the  default  setting  of  65535)  an  internal  value  for  the  port  number  determines  the 
priority. 


Note      The  LACP  port  priorities  are  only  effective  if  the  ports  are  on  the  switch  that  controls  the  LACP  link. 

See  the  lacp  system-priority  global  configuration  command  for  determining  which  switch  controls  the 
link. 


Use  the  show  lacp  internal  privileged  EXEC  command  to  display  LACP  port  priorities  and  internal  port 
number  values. 

For  information  about  configuring  LACP  on  physical  ports,  see  the  "Configuring  EtherChannels" 
chapter  in  the  software  configuration  guide  for  this  release. 
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Examples  This  example  shows  how  to  configure  the  LACP  port  priority  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  lacp  port-priority  1000 

You  can  verify  your  settings  by  entering  the  show  lacp  [channel-group-number]  internal  privileged 
EXEC  command. 


Related  Commands      Command  Description 


channel-group 

Assigns  an  Ethernet  port  to  an  EtherChannel  group. 

lacp  system-priority 

Configures  the  LACP  system  priority. 

show  lacp  [channel-group-number] 

Displays  internal  information  for  all  channel  groups  or  for 

internal 

the  specified  channel  group. 
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lacp  system-priority  I 


lacp  system-priority 


Use  the  lacp  system-priority  global  configuration  command  to  configure  the  system  priority  for  the 
Link  Aggregation  Control  Protocol  (LACP).  Use  the  no  form  of  this  command  to  return  to  the  default 
setting. 

lacp  system-priority  priority 
no  lacp  system-priority 


Syntax  Description  priority 


System  priority  for  LACP.  The  range  is  1  to  65535. 


Defaults 


The  default  is  32768. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  lacp  system-priority  command  determines  which  switch  in  an  LACP  link  controls  port  priorities. 

An  LACP  channel  group  can  have  up  to  16  Ethernet  ports  of  the  same  type.  Up  to  eight  ports  can  be  active, 
and  up  to  eight  ports  can  be  in  standby  mode.  When  there  are  more  than  eight  ports  in  an  LACP 
channel-group,  the  switch  on  the  controlling  end  of  the  link  uses  port  priorities  to  determine  which  ports 
are  bundled  into  the  channel  and  which  ports  are  put  in  hot-standby  mode.  Port  priorities  on  the  other 
switch  (the  noncontrolling  end  of  the  link)  are  ignored. 

In  priority  comparisons,  numerically  lower  values  have  higher  priority.  Therefore,  the  system  with  the 
numerically  lower  value  (higher  priority  value)  for  LACP  system  priority  becomes  the  controlling  system.  If 
both  switches  have  the  same  LACP  system  priority  (for  example,  they  are  both  configured  with  the 
default  setting  of  32768),  the  LACP  system  ID  (the  switch  MAC  address)  determines  which  switch  is  in 
control. 

The  lacp  system-priority  command  applies  to  all  LACP  EtherChannels  on  the  switch. 

Use  the  show  etherchannel  summary  privileged  EXEC  command  to  see  which  ports  are  in  the 
hot-standby  mode  (denoted  with  an  H  port-state  flag  in  the  output  display). 

For  more  information  about  configuring  LACP  on  physical  ports,  see  the  "Configuring  EtherChannels" 
chapter  in  the  software  configuration  guide  for  this  release. 


Examples 


This  example  shows  how  to  set  the  LACP  system  priority: 

Switch (config) #  lacp  system-priority  20000 

You  can  verify  your  settings  by  entering  the  show  lacp  sys-id  privileged  EXEC  command. 
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H    lacp  system-priority 


Related  Commands      Command  Description 


channel-group 

Assigns  an  Ethernet  port  to  an  EtherChannel  group. 

lacp  port-priority 

Configures  the  LACP  port  priority. 

show  lacp  sys-id 

Displays  the  system  identifier  that  is  being  used  by  LACP. 
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link  state  group  I 


link  state  group 


Use  the  link  state  group  interface  configuration  command  to  configure  a  port  as  a  member  of  a  link-state 
group.  Use  the  no  form  of  this  command  to  remove  the  port  from  the  link-state  group. 

link  state  group  [number]  {upstream  I  downstream} 

no  link  state  group  [number]  {upstream  I  downstream} 


Syntax  Description  number 


(Optional)  Specify  the  link-state  group  number.  The  default  is  1. 


upstream 

Configure  a  port  as  an  upstream  port  for  a 

specific  link-state  group. 

downstream 

Configure  a  port  as  a  downstream  port  for 

a  specific  link-state  group. 

Defaults 


The  default  group  is  group  1. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SED 


This  command  was  introduced. 


Usage  Guidelines 


Use  the  link  state  group  interface  configuration  command  to  configure  a  port  as  an  upstream  or 
downstream  port  for  a  specific  link-state  group.  If  the  group  number  is  omitted,  the  default  group  is 
assumed. 

An  interface  can  be  an  aggregation  of  ports  (an  EtherChannel)  or  a  single  physical  port  in  access  or  trunk 
mode.  Each  downstream  interface  can  be  associated  with  one  or  more  upstream  interfaces.  Upstream 
interfaces  can  be  bundled  together,  and  each  downstream  interface  can  be  associated  with  a  single  group 
consisting  of  multiple  upstream  interfaces.  These  groups  are  referred  to  as  link-state  groups. 

The  link  state  of  the  downstream  interfaces  are  dependent  on  the  link  state  of  the  upstream  interfaces  in 
the  associated  link-state  group.  If  all  of  the  upstream  interfaces  in  a  link-state  group  are  in  a  link-down 
state,  then  the  associated  downstream  interfaces  are  forced  into  a  link-down  state.  If  any  one  of  the 
upstream  interfaces  in  the  link-state  group  is  in  a  link-up  state,  then  the  associated  downstream  interfaces 
are  allowed  to  transition  to,  or  remain  in,  a  link-up  state. 


as  a  member  of  a 


Follow  these  guidelines  to  avoid  configuration  problems: 

•  Do  not  configure  an  internal  management  module  interface  (giO/17  or  giO/lf 
link- state  group. 

•  Do  not  configure  an  EtherChannel  as  a  downstream  interface. 

•  An  interface  that  is  defined  as  an  upstream  interface  cannot  also  be  defined  as  a  downstream 
interface  in  the  same  or  a  different  link-state  group.  The  reverse  is  also  true. 

•  You  can  configure  only  two  link-state  groups  per  switch. 
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Examples  This  example  shows  how  to  configure  the  interfaces  as  upstream  in  group  2: 

Switch#  configure  terminal 

Switch (config) #  interface  range  gigabitethernetO/19  -  2015 
Switch (config-if) #  link  state  group  2  upstream 

Switch (config-if) #  end 


Note      If  the  interfaces  are  part  of  an  EtherChannel,  you  must  specify  the  port  channel  name  as  part  of  the  link 
state  group,  not  the  individual  port  members. 


This  example  shows  how  to  create  a  link-state  group  using  ports  in  an  EtherChannel: 

Switch#  configure  terminal 

Switch ( config) #  link  state  track  1 
Switch (config) #  interface  P01 

Switch (config-if ) #  link  state  group  1  upstream 

Switch (conf ig-if-range) #  interface  range  gigabitethernetO/1,  gigabitethernetO/3, 
gigabitethernet 0 / 5 

Switch (conf ig-if) #  link  state  group  1  downstream 

Switch ( conf ig-if ) #  end 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 


link  state  track 

Enables  a  link-state  group. 

show  link  state  group 

Displays  the  link-state  group  information. 

show  running-config 

Displays  the  current  operating  configuration.  For  syntax  information,  select 
Cisco  IOS  Configuration  Fundamentals  Command  Reference  for 
Release  12.2  >  Cisco  IOS  File  Management  Commands  >  Configuration 
File  Commands. 
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link  state  track 


Use  the  link  state  track  global  configuration  command  to  enable  a  link-state  group.  Use  the  no  form  of 
this  command  to  disable  a  link-state  group. 

link  state  track  [number] 

no  link  state  track  [number] 


Syntax  Description  number 


(Optional)  Specify  the  link-state  group  number.  The  group  number  can 
be  1  or  2,  the  default  is  1 . 


Defaults 


Link-state  tracking  is  disabled  for  all  groups. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SED 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  enable  link-state  group  2: 

Switch ( config) #  link  state  track  2 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands  Command 


Description 


link  state  group 


Configures  an  interface  as  a  member  of  a  link-state  group. 


show  link  state  group 


Displays  the  link-state  group  information. 


show  running-config 


Displays  the  current  operating  configuration.  For  syntax  information, 
select  Cisco  IOS  Configuration  Fundamentals  Command  Reference 
for  Release  12.2  >  Cisco  IOS  File  Management  Commands  > 
Configuration  File  Commands. 
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logging  event 


Use  the  logging  event  interface  configuration  command  to  enable  notification  of  interface  link  status 
changes.  Use  the  no  form  of  this  command  to  disable  notification. 

logging  event  {bundle-status  I  link-status  I  spanning-tree  I  status  I  trunk  status} 

no  logging  event  {bundle-status  I  link-status  I  spanning-tree  I  status  I  trunk  status} 


Syntax  Description 


bundle-status 

Enable  notification  of  BUNDLE  and  UNBUNDLE  messages. 

link-status 

Enable  notification  of  interface  data  link  status  changes. 

spanning-tree 

Enable  notification  of  spanning-tree  events. 

status 

Enable  notification  of  spanning-tree  state  change  messages. 

trunk-status 

Enable  notification  of  trunk-status  messages. 

Defaults 


Event  logging  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  enable  spanning-tree  logging: 

Switch (config-if) #  logging  event  spanning-tree 
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logging  file  3§ 


logging  file 

Use  the  logging  file  global  configuration  command  to  set  logging  file  parameters.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting. 

logging  file  file  system-filename  [max- file -size  I  nomax  [min-file-size]]  [severity-level-number  I 
type] 

no  logging  file  filesystem-.filename  [severity-level-number  I  type] 


Syntax  Description       filesystem:/j7e«ame         Alias  for  a  flash  file  system.  Contains  the  path  and  name  of  the  file  that 

contains  the  log  messages. 

The  syntax  for  the  local  flash  file  system: 
flash: 


max-file-size 

(Optional)  Specify  the  maximum  logging  file  size.  The  range  is  4096  to 

2147483647. 

nomax 

(Optional)  Specify  the  maximum  file  size  of  2147483647. 

min-file-size 

(Optional)  Specify  the  minimum  logging  file  size.  The  range  is  1024  to 

2147483647. 

severity-level-number 

(Optional)  Specify  the  logging  severity  level.  The  range  is  0  to  7.  See  the  type 

option  for  the  meaning  of  each  level. 

type 

(Optional)  Specify  the  logging  type.  These  keywords  are  valid: 

•    emergencies — System  is  unusable  (severity  0). 

•    alerts — Immediate  action  needed  (severity  1). 

•    critical — Critical  conditions  (severity  2). 

•    errors — Error  conditions  (severity  3). 

•    warnings — Warning  conditions  (severity  4). 

•    notifications — Normal  but  significant  messages  (severity  5). 

•    informational — Information  messages  (severity  6). 

•    debugging — Debugging  messages  (severity  7). 

Defaults  The  minimum  file  size  is  2048  bytes;  the  maximum  file  size  is  4096  bytes. 

The  default  severity  level  is  7  (debugging  messages  and  numerically  lower  levels). 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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Usage  Guidelines       The  log  file  is  stored  in  ASCII  text  format  in  an  internal  buffer  on  the  switch.  You  can  access  logged 
system  messages  by  using  the  switch  command-line  interface  (CLI)  or  by  saving  them  to  a  properly 
configured  syslog  server.  If  the  switch  fails,  the  log  is  lost  unless  you  had  previously  saved  it  to  flash 
memory  by  using  the  logging  file  fiashifilename  global  configuration  command. 

After  saving  the  log  to  flash  memory  by  using  the  logging  file  flash  -.filename  global  configuration 
command,  you  can  use  the  more  flash  '.filename  privileged  EXEC  command  to  display  its  contents. 

The  command  rejects  the  minimum  file  size  if  it  is  greater  than  the  maximum  file  size  minus  1024;  the 
minimum  file  size  then  becomes  the  maximum  file  size  minus  1024. 

Specifying  a  level  causes  messages  at  that  level  and  numerically  lower  levels  to  be  displayed. 


Examples  This  example  shows  how  to  save  informational  log  messages  to  a  file  in  flash  memory: 

Switch (config) #  logging  file  flash: logfile  informational 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals  Command 
Reference,  Release  12.2  >  File  Management  Commands  >  Configuration 
File  Management  Commands. 
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mac  access-group 


Syntax  Description 


Use  the  mac  access-group  interface  configuration  command  to  apply  a  MAC  access  control  list  (ACL) 
to  a  Layer  2  interface.  Use  the  no  form  of  this  command  to  remove  all  MAC  ACLs  or  the  specified  MAC 
ACL  from  the  interface.  You  create  the  MAC  ACL  by  using  the  mac  access-list  extended  global 
configuration  command. 

mac  access-group  {name}  in 

no  mac  access-group  {name} 


name  Specify  a  named  MAC  access  list. 

in  Specify  that  the  ACL  is  applied  in  the  ingress  direction.  Outbound  ACLs  are  not 

supported  on  Layer  2  interfaces. 


Defaults 


No  MAC  ACL  is  applied  to  the  interface. 


Command  Modes 


Interface  configuration  (Layer  2  interfaces  only) 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  can  apply  MAC  ACLs  only  to  ingress  Layer  2  interfaces. 

On  Layer  2  interfaces,  you  can  filter  IP  traffic  by  using  IP  access  lists  and  non-IP  traffic  by  using  MAC 
access  lists.  You  can  filter  both  IP  and  non-IP  traffic  on  the  same  Layer  2  interface  by  applying  both  an 
IP  ACL  and  a  MAC  ACL  to  the  interface.  You  can  apply  no  more  than  one  IP  access  list  and  one  MAC 
access  list  to  the  same  Layer  2  interface. 

If  a  MAC  ACL  is  already  configured  on  a  Layer  2  interface  and  you  apply  a  new  MAC  ACL  to  the 
interface,  the  new  ACL  replaces  the  previously  configured  one. 

If  you  apply  an  ACL  to  a  Layer  2  interface  on  a  switch,  and  the  switch  has  a  VLAN  map  applied  to  a 
VLAN  that  the  interface  is  a  member  of,  the  ACL  applied  to  the  Layer  2  interface  takes  precedence. 

When  an  inbound  packet  is  received  on  an  interface  with  a  MAC  ACL  applied,  the  switch  checks  the 
match  conditions  in  the  ACL.  If  the  conditions  are  matched,  the  switch  forwards  or  drops  the  packet, 
according  to  the  ACL. 

If  the  specified  ACL  does  not  exist,  the  switch  forwards  all  packets. 

For  more  information  about  configuring  MAC  extended  ACLs,  see  the  "Configuring  Network  Security 
with  ACLs"  chapter  in  the  software  configuration  guide  for  this  release. 
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Examples  This  example  shows  how  to  apply  a  MAC  extended  ACL  named  macacl2  to  an  interface: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  mac  access-group  macacl2  in 

You  can  verify  your  settings  by  entering  the  show  mac  access-group  privileged  EXEC  command.  You 
can  see  configured  ACLs  on  the  switch  by  entering  the  show  access-lists  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  access-lists  Displays  the  ACLs  configured  on  the  switch. 

show  link  state  group  Displays  the  MAC  ACLs  configured  on  the  switch. 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals  Command 
Reference,  Release  12.2  >  File  Management  Commands  > 
Configuration  File  Management  Commands. 
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mac  access-list  extended 

Use  the  mac  access-list  extended  global  configuration  command  to  create  an  access  list  based  on  MAC 
addresses  for  non-IP  traffic.  Using  this  command  puts  you  in  the  extended  MAC  access-list 
configuration  mode.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mac  access-list  extended  name 

no  mac  access-list  extended  name 


Syntax  Description      name  Assign  a  name  to  the  MAC  extended  access  list. 


Defaults  By  default,  there  are  no  MAC  access  lists  created. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       MAC  named  extended  lists  are  used  with  VLAN  maps  and  class  maps. 

You  can  apply  named  MAC  extended  ACLs  to  VLAN  maps  or  to  Layer  2  interfaces. 

Entering  the  mac  access-list  extended  command  enables  the  MAC  access-list  configuration  mode. 
These  configuration  commands  are  available: 

•  default:  sets  a  command  to  its  default. 

•  deny:  specifies  packets  to  reject.  For  more  information,  see  the  deny  (MAC  access-list 
configuration)  MAC  access-list  configuration  command. 

•  exit:  exits  from  MAC  access-list  configuration  mode. 

•  no:  negates  a  command  or  sets  its  defaults. 

•  permit:  specifies  packets  to  forward.  For  more  information,  see  the  permit  (MAC  access-list 
configuration)  command. 

For  more  information  about  MAC  extended  access  lists,  see  the  software  configuration  guide  for  this 
release. 
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Examples  This  example  shows  how  to  create  a  MAC  named  extended  access  list  named  macl  and  to  enter  extended 

MAC  access-list  configuration  mode: 

Switch (config) #  mac  access-list  extended  macl 

Switch ( conf ig-ext-macl ) # 

This  example  shows  how  to  delete  MAC  named  extended  access  list  macl: 

Switch (conf ig) #  no  mac  access-list  extended  macl 

You  can  verify  your  settings  by  entering  the  show  access-lists  privileged  EXEC  command. 


Related  Commands      Command  Description 

deny  (MAC  access-list  Configures  the  MAC  ACL  (in  extended  MAC-access  list  configuration 

configuration)  mode). 

permit  (MAC 

access-list 

configuration) 

show  access-lists  Displays  the  access  lists  configured  on  the  switch. 

vlan  access-map  Defines  a  VLAN  map  and  enters  access-map  configuration  mode  where  you 
can  specify  a  MAC  ACL  to  match  and  the  action  to  be  taken. 
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mac  address-table  aging-time 


Use  the  mac  address-table  aging-time  global  configuration  command  to  set  the  length  of  time  that  a 
dynamic  entry  remains  in  the  MAC  address  table  after  the  entry  is  used  or  updated.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting.  The  aging  time  applies  to  all  VLANs  or  a  specified  VLAN. 

mac  address-table  aging-time  {0  I  10-1000000}  [vlan  vlan-id] 

no  mac  address-table  aging-time  {0  I  10-1000000}  [vlan  vlan-id] 


Syntax  Description  0 


10-1000000 


This  value  disables  aging.  Static  address  entries  are  never  aged  or  removed  from 
the  table. 

Aging  time  in  seconds.  The  range  is  10  to  1000000  seconds. 


vlan  vlan-id  (Optional)  Specify  the  VLAN  ID  to  which  to  apply  the  aging  time.  The  range  is  1 

to  4094. 


Defaults 


The  default  is  300  seconds. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


If  hosts  do  not  send  continuously,  increase  the  aging  time  to  record  the  dynamic  entries  for  a  longer  time. 
Increasing  the  time  can  reduce  the  possibility  of  flooding  when  the  hosts  send  again. 

If  you  do  not  specify  a  specific  VLAN,  this  command  sets  the  aging  time  for  all  VLANs. 


Examples 


This  example  shows  how  to  set  the  aging  time  to  200  seconds  for  all  VLANs: 

Switch (config) #  mac  address-table  aging-time  200 

You  can  verify  your  setting  by  entering  the  show  mac  address-table  aging-time  privileged  EXEC 
command. 


Related  Commands 


Command 

show  mac  address-table  aging-time 


Description 

Displays  the  MAC  address  table  aging  time  for  all  VLANs 
or  the  specified  VLAN. 
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mac  address-table  move  update 


Use  the  mac  address-table  move  update  global  configuration  command  to  enable  the  MAC 
address-table  move  update  feature.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mac  address-table  move  update  {receive  I  transmit} 

no  mac  address-table  move  update  {receive  I  transmit} 


Syntax  Description  receive 


Specify  that  the  switch  processes  MAC  address-table  move  update  messages. 


transmit  Specify  that  the  switch  sends  MAC  address-table  move  update  messages  to 

other  switches  in  the  network  if  the  primary  link  goes  down  and  the  standby 
link  comes  up. 


Command  Modes 


Global  configuration. 


Defaults 


By  default,  the  MAC  address-table  move  update  feature  is  disabled. 


Command  History 


Release 

12.2(25)SED 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  MAC  address-table  move  update  feature  allows  the  switch  to  provide  rapid  bidirectional 
convergence  if  a  primary  (forwarding)  link  goes  down  and  the  standby  link  begins  forwarding  traffic. 

You  can  configure  the  access  switch  to  send  the  MAC  address-table  move  update  messages  if  the  primary 
link  goes  down  and  the  standby  link  comes  up.  You  can  configure  the  uplink  switches  to  receive  and 
process  the  MAC  address-table  move  update  messages. 


Examples 


This  example  shows  how  to  configure  an  access  switch  to  send  MAC  address-table  move  update 
messages: 

Switch#  configure  terminal 

Switch(conf ) #  mac  address-table  move  update  transmit 

Switch (conf ) #  end 

This  example  shows  how  to  configure  an  uplink  switch  to  get  and  process  MAC  address-table  move 
update  messages: 

Switch#  configure  terminal 

Switch (conf ) #  mac  address-table  move  update  receive 

Switch (conf ) #  end 

You  can  verify  your  settings  by  entering  the  show  mac  address-table  move  update  privileged  EXEC 
command. 
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Related  Commands      Command  Description 


clear  mac  address-table  move 

Clears  the  MAC  address-table  move  update  global  counters. 

update 

debug  matm  move  update 

Debugs  the  MAC  address-table  move  update  message 

processing. 

show  mac  address-table  move 

Displays  the  MAC  address-table  move  update  information  on 

update 

the  switch. 
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mac  address-table  notification 


Use  the  mac  address-table  notification  global  configuration  command  to  enable  the  MAC  address 
notification  feature  on  the  switch.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mac  address-table  notification  [history-size  value]  I  [interval  value] 

no  mac  address-table  notification  [history-size  I  interval] 


Syntax  Description      history-size  value 


interval  value 


(Optional)  Configure  the  maximum  number  of  entries  in  the  MAC 
notification  history  table.  The  range  is  0  to  500  entries. 


(Optional)  Set  the  notification  trap  interval.  The  switch  sends  the  notification 
traps  when  this  amount  of  time  has  elapsed.  The  range  is  0  to  2147483647 
seconds. 


Defaults 


By  default,  the  MAC  address  notification  feature  is  disabled. 

The  default  trap  interval  value  is  1  second. 

The  default  number  of  entries  in  the  history  table  is  1. 


Command  Modes 


Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


The  MAC  address  notification  feature  sends  Simple  Network  Management  Protocol  (SNMP)  traps  to  the 
network  management  system  (NMS)  whenever  a  new  MAC  address  is  added  or  an  old  address  is  deleted 
from  the  forwarding  tables.  MAC  notifications  are  generated  only  for  dynamic  and  secure  MAC 
addresses.  Events  are  not  generated  for  self  addresses,  multicast  addresses,  or  other  static  addresses. 

When  you  configure  the  history-size  option,  the  existing  MAC  address  history  table  is  deleted,  and  a 
new  table  is  created. 

You  enable  the  MAC  address  notification  feature  by  using  the  mac  address-table  notification 
command.  You  must  also  enable  MAC  address  notification  traps  on  an  interface  by  using  the  snmp  trap 
mac-notification  interface  configuration  command  and  configure  the  switch  to  send  MAC  address  traps 
to  the  NMS  by  using  the  snmp-server  enable  traps  mac-notification  global  configuration  command. 
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Examples  This  example  shows  how  to  enable  the  MAC  address-table  notification  feature,  set  the  interval  time  to 

60  seconds,  and  set  the  history-size  to  100  entries: 

Switch ( config) #  mac  address-table  notification 

Switch (config) #  mac  address-table  notification  interval  60 

Switch (config) #  mac  address-table  notification  history-size  100 

You  can  verify  your  settings  by  entering  the  show  mac  address-table  notification  privileged  EXEC 
command. 


Related  Commands      Command  Description 

clear  mac  address-table  notification      Clears  the  MAC  address  notification  global  counters. 

show  mac  address-table  notification      Displays  the  MAC  address  notification  settings  on  all 

interfaces  or  on  the  specified  interface. 

snmp-server  enable  traps  Sends  the  SNMP  MAC  notification  traps  when  the 

mac-notification  keyword  is  appended. 

snmp  trap  mac-notification  Enables  the  SNMP  MAC  notification  trap  on  a  specific 

interface. 
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mac  address-table  static 


Use  the  mac  address-table  static  global  configuration  command  to  add  static  addresses  to  the  MAC 
address  table.  Use  the  no  form  of  this  command  to  remove  static  entries  from  the  table. 

mac  address-table  static  mac-addr  vlan  vlan-id  interface  interface-id 

no  mac  address-table  static  mac-addr  vlan  vlan-id  [interface  interface-id] 


Syntax  Description  mac-addr 


vlan  vlan-id 


interface  interface-id 


Destination  MAC  address  (unicast  or  multicast)  to  add  to  the  address 
table.  Packets  with  this  destination  address  received  in  the  specified 
VLAN  are  forwarded  to  the  specified  interface. 

Specify  the  VLAN  for  which  the  packet  with  the  specified  MAC  address 
is  received.  The  range  is  1  to  4094. 

Interface  to  which  the  received  packet  is  forwarded.  Valid  interfaces 
include  physical  ports  and  port  channels. 


Defaults 


No  static  addresses  are  configured. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Examples 


This  example  shows  how  to  add  the  static  address  c2f3.220a.12f4  to  the  MAC  address  table.  When  a 
packet  is  received  in  VLAN  4  with  this  MAC  address  as  its  destination,  the  packet  is  forwarded  to  the 
specified  interface: 

Switch (config) #  mac  address-table  static  c2f 3 . 220a . 12f 4  vlan  4  interface 
gigabitethernet 0 / 1 

You  can  verify  your  setting  by  entering  the  show  mac  address-table  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  mac  address-table  static      Displays  static  MAC  address  table  entries  only. 
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mac  address-table  static  drop 

Use  the  mac  address-table  static  drop  global  configuration  command  to  enable  unicast  MAC  address 
filtering  and  to  configure  the  switch  to  drop  traffic  with  a  specific  source  or  destination  MAC  address. 
Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mac  address-table  static  mac-addr  vlan  vlan-id  drop 

no  mac  address-table  static  mac-addr  vlan  vlan-id 


Syntax  Description       mac-addr  Unicast  source  or  destination  MAC  address.  Packets  with  this  MAC  address  are 

dropped. 

vlan  vlan-id  Specify  the  VLAN  for  which  the  packet  with  the  specified  MAC  address  is 

received.  Valid  VLAN  IDs  are  1  to  4094. 


Defaults  Unicast  MAC  address  filtering  is  disabled.  The  switch  does  not  drop  traffic  for  specific  source  or 

destination  MAC  addresses. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Follow  these  guidelines  when  using  this  feature: 

•  Multicast  MAC  addresses,  broadcast  MAC  addresses,  and  router  MAC  addresses  are  not  supported. 
Packets  that  are  forwarded  to  the  CPU  are  also  not  supported. 

•  If  you  add  a  unicast  MAC  address  as  a  static  address  and  configure  unicast  MAC  address  filtering, 
the  switch  either  adds  the  MAC  address  as  a  static  address  or  drops  packets  with  that  MAC  address, 
depending  on  which  command  was  entered  last.  The  second  command  that  you  entered  overrides  the 
first  command. 

For  example,  if  you  enter  the  mac  address-table  static  mac-addr  vlan  vlan-id  interface 
interface-id  global  configuration  command  followed  by  the  mac  address-table  static  mac-addr 
vlan  vlan-id  drop  command,  the  switch  drops  packets  with  the  specified  MAC  address  as  a  source 
or  destination. 

If  you  enter  the  mac  address-table  static  mac-addr  vlan  vlan-id  drop  global  configuration 
command  followed  by  the  mac  address-table  static  mac-addr  vlan  vlan-id  interface  interface-id 
command,  the  switch  adds  the  MAC  address  as  a  static  address. 
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Examples  This  example  shows  how  to  enable  unicast  MAC  address  filtering  and  to  configure  the  switch  to  drop 

packets  that  have  a  source  or  destination  address  of  c2f3.220a.12f4.  When  a  packet  is  received  in 
VLAN  4  with  this  MAC  address  as  its  source  or  destination,  the  packet  is  dropped: 

Switch (config) #  mac  address-table  static  c2f 3 . 220a . 12f 4  vlan  4  drop 

This  example  shows  how  to  disable  unicast  MAC  address  filtering: 

Switch (config) #  no  mac  address-table  static  c2f 3 . 220a . 12f 4  vlan  4 

You  can  verify  your  setting  by  entering  the  show  mac  address-table  static  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  mac  address-table  static      Displays  only  static  MAC  address  table  entries. 
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macro  apply 

Use  the  macro  apply  interface  configuration  command  to  apply  a  macro  to  an  interface  or  to  apply  and 
trace  a  macro  configuration  on  an  interface. 

macro  {apply  I  trace}  macro-name  [parameter  {value}]  [parameter  {value}] 
[parameter  {value}] 


Syntax  Description      apply  Apply  a  macro  to  the  specified  interface. 

trace  Use  the  trace  keyword  to  apply  a  macro  to  an  interface  and  to  debug  the  macro. 

macro-name  Specify  the  name  of  the  macro. 

parameter  value    (Optional)  Specify  unique  parameter  values  that  are  specific  to  the  interface.  You 
can  enter  up  to  three  keyword-value  pairs.  Parameter  keyword  matching  is  case 
sensitive.  All  matching  occurrences  of  the  keyword  are  replaced  with  the 
corresponding  value. 


Defaults  This  command  has  no  default  setting. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  use  the  macro  trace  macro-name  interface  configuration  command  to  apply  and  show  the 
macros  running  on  an  interface  or  to  debug  the  macro  to  find  any  syntax  or  configuration  errors. 

If  a  command  fails  because  of  a  syntax  error  or  a  configuration  error  when  you  apply  a  macro,  the  macro 
continues  to  apply  the  remaining  commands  to  the  interface. 

When  creating  a  macro  that  requires  the  assignment  of  unique  values,  use  the  parameter  value  keywords 
to  designate  values  specific  to  the  interface. 

Keyword  matching  is  case  sensitive.  All  matching  occurrences  of  the  keyword  are  replaced  with  the 
corresponding  value.  Any  full  match  of  a  keyword,  even  if  it  is  part  of  a  larger  string,  is  considered  a 
match  and  is  replaced  by  the  corresponding  value. 

Some  macros  might  contain  keywords  that  require  a  parameter  value.  You  can  use  the  macro  apply 
macro-name  ?  command  to  display  a  list  of  any  required  values  in  the  macro.  If  you  apply  a  macro 
without  entering  the  keyword  values,  the  commands  are  invalid  and  are  not  applied. 

There  are  Cisco-default  Smartports  macros  embedded  in  the  switch  software.  You  can  display  these 
macros  and  the  commands  they  contain  by  using  the  show  parser  macro  user  EXEC  command. 
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Follow  these  guidelines  when  you  apply  a  Cisco-default  Smartports  macro  on  an  interface: 

•  Display  all  macros  on  the  switch  by  using  the  show  parser  macro  user  EXEC  command.  Display 
the  contents  of  a  specific  macro  by  using  the  show  parser  macro  name  macro-name  user  EXEC 
command. 

•  Keywords  that  begin  with  $  mean  that  a  unique  parameter  value  is  required.  Append  the 
Cisco-default  macro  with  the  required  values  by  using  the  parameter  value  keywords. 

The  Cisco-default  macros  use  the  $  character  to  help  identify  required  keywords.  There  is  no 
restriction  on  using  the  $  character  to  define  keywords  when  you  create  a  macro. 

When  you  apply  a  macro  to  an  interface,  the  macro  name  is  automatically  added  to  the  interface.  You 
can  display  the  applied  commands  and  macro  names  by  using  the  show  running-configuration 
interface  interface-id  user  EXEC  command. 

A  macro  applied  to  an  interface  range  behaves  the  same  way  as  a  macro  applied  to  a  single  interface. 
When  you  use  an  interface  range,  the  macro  is  applied  sequentially  to  each  interface  within  the  range.  If 
a  macro  command  fails  on  one  interface,  it  is  still  applied  to  the  remaining  interfaces. 

You  can  delete  a  macro-applied  configuration  on  an  interface  by  entering  the  default  interface 

interface-id  interface  configuration  command. 


Examples  After  you  have  created  a  macro  by  using  the  macro  name  global  configuration  command,  you  can  apply 

it  to  an  interface.  This  example  shows  how  to  apply  a  user-created  macro  called  duplex  to  an  interface: 

Switch (config-if) #  macro  apply  duplex 

To  debug  a  macro,  use  the  macro  trace  interface  configuration  command  to  find  any  syntax  or 
configuration  errors  in  the  macro  as  it  is  applied  to  an  interface.  This  example  shows  how  to  troubleshoot 
the  user-created  macro  called  duplex  on  an  interface: 

Switch (config-if ) #  macro  trace  duplex 

Applying  command ...  1  duplex  auto' 
%Error  Unknown  error. 

Applying  command ...  1  speed  nonegotiate' 

This  example  shows  how  to  display  the  Cisco-default  cisco-desktop  macro  and  how  to  apply  the  macro 
and  set  the  access  VLAN  ID  to  25  on  an  interface: 

Switch#  show  parser  macro  cisco-desktop 

Macro  name   :  cisco-desktop 
Macro  type   :  default 

#  Basic  interface  -  Enable  data  VLAN  only 

#  Recommended  value  for  access  vlan   (AVID)    should  not  be  1 
switchport  access  vlan  $AVID 

switchport  mode  access 

#  Enable  port  security  limiting  port  to  a  single 

#  MAC  address  --  that  of  desktop 
switchport  port-security 
switchport  port-security  maximum  1 

#  Ensure  port-security  age  is  greater  than  one  minute 

#  and  use  inactivity  timer 

switchport  port-security  violation  restrict 
switchport  port-security  aging  time  2 
switchport  port-security  aging  type  inactivity 
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#  Configure  port  as  an  edge  network  port 
spanning-tree  portfast 
spanning- tree  bpduguard  enable 


Switch* 

Switch*  configure  terminal 

Switch ( config) #  interface  gigabitethernetO/4 

Switch (config-if) #  macro  apply  cisco-desktop  $AVTD  25 


Related  Commands      Command  Description 


macro  description 

Adds  a  description  about  the  macros  that  are  applied  to  an  interface. 

macro  global 

Applies  a  macro  on  a  switch  or  applies  and  traces  a  macro  on  a  switch. 

macro  global  description 

Adds  a  description  about  the  macros  that  are  applied  to  the  switch. 

macro  name 

Creates  a  macro. 

show  parser  macro 

Displays  the  macro  definition  for  all  macros  or  for  the  specified  macro. 
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macro  description 


Use  the  macro  description  interface  configuration  command  to  enter  a  description  about  which  macros 
are  applied  to  an  interface.  Use  the  no  form  of  this  command  to  remove  the  description. 

macro  description  text 

no  macro  description  text 


Syntax  Description       description  text     Enter  a  description  about  the  macros  that  are  applied  to  the  specified  interface. 


Defaults 


This  command  has  no  default  setting. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  the  description  keyword  to  associate  comment  text,  or  the  macro  name,  with  an  interface.  When 
multiple  macros  are  applied  on  a  single  interface,  the  description  text  will  be  from  the  last  applied  macro. 

This  example  shows  how  to  add  a  description  to  an  interface: 

Switch (config-if) #  macro  description  duplex  settings 

You  can  verify  your  settings  by  entering  the  show  parser  macro  description  privileged  EXEC 
command. 


Related  Commands 


Command 

Description 

macro  apply 

Applies  a  macro  on  an  interface  or  applies  and  traces  a  macro  on  an 

interface. 

macro  global 

Applies  a  macro  on  a  switch  or  applies  and  traces  a  macro  on  a  switch 

macro  global  description 

Adds  a  description  about  the  macros  that  are  applied  to  the  switch. 

macro  name 

Creates  a  macro. 

show  parser  macro 

Displays  the  macro  definition  for  all  macros  or  for  the  specified 

macro. 
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macro  global 

Use  the  macro  global  global  configuration  command  to  apply  a  macro  to  a  switch  or  to  apply  and  trace 
a  macro  configuration  on  a  switch. 

macro  global  {apply  I  trace}  macro-name  [parameter  {value}]  [parameter  {value}] 
[parameter  {value}] 


Syntax  Description      apply  Apply  a  macro  to  the  switch. 


trace 

Apply  a  macro  to  a  switch  and  to  debug  the  macro. 

macro-name 

Specify  the  name  of  the  macro. 

parameter  value 

(Optional)  Specify  unique  parameter  values  that  are  specific  to  the  switch.  You  can 

enter  up  to  three  keyword-value  pairs.  Parameter  keyword  matching  is  case 

sensitive.  All  matching  occurrences  of  the  keyword  are  replaced  with  the 

corresponding  value. 

Defaults  This  command  has  no  default  setting. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  use  the  macro  trace  macro-name  global  configuration  command  to  apply  and  to  show  the 
macros  running  on  a  switch  or  to  debug  the  macro  to  find  any  syntax  or  configuration  errors. 

If  a  command  fails  because  of  a  syntax  error  or  a  configuration  error  when  you  apply  a  macro,  the  macro 
continues  to  apply  the  remaining  commands  to  the  switch. 

When  creating  a  macro  that  requires  the  assignment  of  unique  values,  use  the  parameter  value  keywords 
to  designate  values  specific  to  the  switch. 

Keyword  matching  is  case  sensitive.  All  matching  occurrences  of  the  keyword  are  replaced  with  the 
corresponding  value.  Any  full  match  of  a  keyword,  even  if  it  is  part  of  a  larger  string,  is  considered  a 
match  and  is  replaced  by  the  corresponding  value. 

Some  macros  might  contain  keywords  that  require  a  parameter  value.  You  can  use  the  macro  global 
apply  macro-name  ?  command  to  display  a  list  of  any  required  values  in  the  macro.  If  you  apply  a  macro 
without  entering  the  keyword  values,  the  commands  are  invalid  and  are  not  applied. 

There  are  Cisco-default  Smartports  macros  embedded  in  the  switch  software.  You  can  display  these 
macros  and  the  commands  they  contain  by  using  the  show  parser  macro  user  EXEC  command. 
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Follow  these  guidelines  when  you  apply  a  Cisco-default  Smartports  macro  on  a  switch: 

•  Display  all  macros  on  the  switch  by  using  the  show  parser  macro  user  EXEC  command.  Display 
the  contents  of  a  specific  macro  by  using  the  show  parser  macro  name  macro-name  user  EXEC 
command. 

•  Keywords  that  begin  with  $  mean  that  a  unique  parameter  value  is  required.  Append  the 
Cisco-default  macro  with  the  required  values  by  using  the  parameter  value  keywords. 

The  Cisco-default  macros  use  the  $  character  to  help  identify  required  keywords.  There  is  no 
restriction  on  using  the  $  character  to  define  keywords  when  you  create  a  macro. 

When  you  apply  a  macro  to  a  switch,  the  macro  name  is  automatically  added  to  the  switch.  You  can 
display  the  applied  commands  and  macro  names  by  using  the  show  running-configuration  user  EXEC 
command. 

You  can  delete  a  global  macro-applied  configuration  on  a  switch  only  by  entering  the  no  version  of  each 
command  contained  in  the  macro. 


Examples  After  you  have  created  a  new  macro  by  using  the  macro  name  global  configuration  command,  you  can 

apply  it  to  a  switch.  This  example  shows  how  see  the  snmp  macro  and  how  to  apply  the  macro  and  set 
the  hostname  to  test-server  and  set  the  IP  precedence  value  to  7: 

Switch#  show  parser  macro  name  snmp 

Macro  name   :  snmp 

Macro  type   :  customizable 

tenable  port  security,    linkup,   and  linkdown  traps 

snmp-server  enable  traps  port-security 

snmp-server  enable  traps  linkup 

snmp-server  enable  traps  linkdown 

#set  snmp-server  host 

snmp-server  host  ADDRESS 

#set  SNMP  trap  notifications  precedence 

snmp-server  ip  precedence  VALUE 


Switch (config) #  macro  global  apply  snmp  ADDRESS  test-server  VALUE  7 

To  debug  a  macro,  use  the  macro  global  trace  global  configuration  command  to  find  any  syntax  or 
configuration  errors  in  the  macro  when  it  is  applied  to  a  switch.  In  this  example,  the  address  parameter 
value  was  not  entered,  causing  the  snmp-server  host  command  to  fail  while  the  remainder  of  the  macro 
is  applied  to  the  switch: 

Switch (config) #  macro  global  trace  snmp  VALUE  7 

Applying  command ...  1 snmp-server  enable  traps  port-security' 
Applying  command ...  1 snmp-server  enable  traps  linkup' 
Applying  command ...  1 snmp-server  enable  traps  linkdown' 
Applying  command ...  1 snmp-server  host' 
%Error  Unknown  error. 

Applying  command ...  1 snmp-server  ip  precedence  7' 
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Related  Commands      Command  Description 


macro  apply 

Applies  a  macro  on  an  interface  or  applies  and  traces  a  macro  on  an 

interface. 

macro  description 

Adds  a  description  about  the  macros  that  are  applied  to  an  interface. 

macro  global  description 

Adds  a  description  about  the  macros  that  are  applied  to  the  switch. 

macro  name 

Creates  a  macro. 

show  parser  macro 

Displays  the  macro  definition  for  all  macros  or  for  the  specified 

macro. 
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macro  global  description 


Use  the  macro  global  description  global  configuration  command  to  enter  a  description  about  the 
macros  that  are  applied  to  the  switch.  Use  the  no  form  of  this  command  to  remove  the  description. 

macro  global  description  text 

no  macro  global  description  text 


Syntax  Description      description  text     Enter  a  description  about  the  macros  that  are  applied  to  the  switch. 


Defaults 


This  command  has  no  default  setting. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  the  description  keyword  to  associate  comment  text,  or  the  macro  name,  with  a  switch.  When 
multiple  macros  are  applied  on  a  switch,  the  description  text  will  be  from  the  last  applied  macro. 

This  example  shows  how  to  add  a  description  to  a  switch: 

Switch (config) #  macro  global  description  udld  aggressive  mode  enabled 

You  can  verify  your  settings  by  entering  the  show  parser  macro  description  privileged  EXEC 
command. 


Related  Commands  Command 


Description 


macro  apply 

Applies  a  macro  on  an  interface  or  applies  and  traces  a  macro  on  an 
interface. 

macro  description 

Adds  a  description  about  the  macros  that  are  applied  to  an  interface. 

macro  global 

Applies  a  macro  on  a  switch  or  applies  and  traces  a  macro  on  a  switch. 

macro  name 

Creates  a  macro. 

show  parser  macro 

Displays  the  macro  definition  for  all  macros  or  for  the  specified  macro. 
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macro  name 


Use  the  macro  name  global  configuration  command  to  create  a  configuration  macro.  Use  the  no  form 
of  this  command  to  delete  the  macro  definition. 


macro  name  macro-name 


no  macro  name  macro-name 


Syntax  Description  macro-name 


Name  of  the  macro. 


Defaults 


This  command  has  no  default  setting. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


A  macro  can  contain  up  to  3000  characters.  Enter  one  macro  command  per  line.  Use  the  @  character  to 
end  the  macro.  Use  the  #  character  at  the  beginning  of  a  line  to  enter  comment  text  within  the  macro. 

You  can  define  mandatory  keywords  within  a  macro  by  using  a  help  string  to  specify  the  keywords.  Enter 
#  macro  keywords  word  to  define  the  keywords  that  are  available  for  use  with  the  macro.  You  can  enter 
up  to  three  help  string  keywords  separated  by  a  space.  If  you  enter  more  than  three  macro  keywords,  only 
the  first  three  are  shown. 

Macro  names  are  case  sensitive.  For  example,  the  commands  macro  name  Sample-Macro  and  macro 
name  sample-macro  will  result  in  two  separate  macros. 

When  creating  a  macro,  do  not  use  the  exit  or  end  commands  or  change  the  command  mode  by  using 
interface  interface-id.  This  could  cause  commands  that  follow  exit,  end,  or  interface  interface-id  to 
execute  in  a  different  command  mode. 

The  no  form  of  this  command  only  deletes  the  macro  definition.  It  does  not  affect  the  configuration  of 
those  interfaces  on  which  the  macro  is  already  applied.  You  can  delete  a  macro-applied  configuration  on 
an  interface  by  entering  the  default  interface  interface-id  interface  configuration  command. 
Alternatively,  you  can  create  an  anti-macro  for  an  existing  macro  that  contains  the  no  form  of  all  the 
corresponding  commands  in  the  original  macro.  Then  apply  the  anti-macro  to  the  interface. 

You  can  modify  a  macro  by  creating  a  new  macro  with  the  same  name  as  the  existing  macro.  The  newly 
created  macro  overwrites  the  existing  macro  but  does  not  affect  the  configuration  of  those  interfaces  on 
which  the  original  macro  was  applied. 
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Examples  This  example  shows  how  to  create  a  macro  that  defines  the  duplex  mode  and  speed: 

Switch (config) #  macro  name  duplex 

Enter  macro  commands  one  per  line.   End  with  the  character   1 @' . 
duplex  full 
speed  auto 
@ 

This  example  shows  how  to  create  a  macro  with  #  macro  keywords: 

Switch (config) #  macro  name  test 

switchport  access  vlan  $VLANID 
switchport  port-security  maximum  $MAX 
tmacro  keywords  $VLANID  $MAX 
@ 

This  example  shows  how  to  display  the  mandatory  keyword  values  before  you  apply  the  macro  to  an 
interface: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  macro  apply  test  ? 

WORD     keyword  to  replace  with  a  value  e.g     $VLANID, $MAX 
<cr> 

Switch (config-if ) #  macro  apply  test  $VLANID  ? 

WORD    Value  of  first  keyword  to  replace 

Switch (config-if ) #  macro  apply  test  $VLANID  2 

WORD     keyword  to  replace  with  a  value  e.g     $VLANID, $MAX 
<cr> 

Switch (config-if ) #  macro  apply  test  $VLANID  2  $MAX  ? 

WORD    Value  of  second  keyword  to  replace 


Related  Commands      Command  Description 


macro  apply 

Applies  a  macro  on  an  interface  or  applies  and  traces  a  macro  on  an 

interface. 

macro  description 

Adds  a  description  about  the  macros  that  are  applied  to  an  interface. 

macro  global 

Applies  a  macro  on  a  switch  or  applies  and  traces  a  macro  on  a  switch. 

macro  global  description 

Adds  a  description  about  the  macros  that  are  applied  to  the  switch. 

show  parser  macro 

Displays  the  macro  definition  for  all  macros  or  for  the  specified  macro. 
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match  (access-map  configuration) 

Use  the  match  access-map  configuration  command  to  set  the  VLAN  map  to  match  packets  against  one 
or  more  access  lists.  Use  the  no  form  of  this  command  to  remove  the  match  parameters. 

match  {ip  address  {name  I  number}  [name  I  number]  [name  I  number]...}  I  {mac  address  {name} 
[name]  [name]...} 

no  match  {ip  address  {name  I  number]  [name  I  number]  [name  I  number]...}  I  {mac  address 
{name}  [name]  [name]...} 


Syntax  Description      ip  address        Set  the  access  map  to  match  packets  against  an  IP  address  access  list. 


mac  address 

Set  the  access  map  to  match  packets  against  a  MAC  address  access  list. 

name 

Name  of  the  access  list  to  match  packets  against. 

number 

Number  of  the  access  list  to  match  packets  against.  This  option  is  not  valid  for  MAC 

access  lists. 

Defaults  The  default  action  is  to  have  no  match  parameters  applied  to  a  VLAN  map. 


Command  Modes        Access-map  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       You  enter  access-map  configuration  mode  by  using  the  vlan  access-map  global  configuration  command. 

You  must  enter  one  access  list  name  or  number;  others  are  optional.  You  can  match  packets  against  one 
or  more  access  lists.  Matching  any  of  the  lists  counts  as  a  match  of  the  entry. 

In  access-map  configuration  mode,  use  the  match  command  to  define  the  match  conditions  for  a  VLAN 
map  applied  to  a  VLAN.  Use  the  action  command  to  set  the  action  that  occurs  when  the  packet  matches 
the  conditions. 

Packets  are  matched  only  against  access  lists  of  the  same  protocol  type;  IP  packets  are  matched  against 
IP  access  lists,  and  all  other  packets  are  matched  against  MAC  access  lists. 

Both  IP  and  MAC  addresses  can  be  specified  for  the  same  map  entry. 
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Examples  This  example  shows  how  to  define  and  apply  a  VLAN  access  map  vmap4  to  VLANs  5  and  6  that  will 

cause  the  interface  to  drop  an  IP  packet  if  the  packet  matches  the  conditions  defined  in  access  list  al2. 

Switch (config) #  vlan  access-map  vmap4 
Switch (conf ig-access-map) #  match  ip  address  al2 
Switch (conf ig-access-map) #  action  drop 
Switch(config-access-map) #  exit 

Switch (conf ig) #  vlan  filter  vmap4  vlan-list  5-6 

You  can  verify  your  settings  by  entering  the  show  vlan  access-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


access-list 

Configures  a  standard  numbered  ACL.  For  syntax  information,  select 

Cisco  IOS  IP  Command  Reference,  Volume  1  of  3:Addressing  and 

Services,  Release  12.2  >  IP  Services  Commands. 

action 

Specifies  the  action  to  be  taken  if  the  packet  matches  an  entry  in  an 

access  control  list  (ACL). 

ip  access  list 

Creates  a  named  access  list.  For  syntax  information,  select  Cisco  IOS 

IP  Command  Reference,  Volume  1  of  3: Addressing  and  Services, 

Release  12.2  >  IP  Services  Commands. 

mac  access-list  extended 

Creates  a  named  MAC  address  access  list. 

show  vlan  access-map 

Displays  the  VLAN  access  maps  created  on  the  switch. 

vlan  access-map 

Creates  a  VLAN  access  map. 
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match  (class-map  configuration)  W, 


match  (class-map  configuration) 


Use  the  match  class-map  configuration  command  to  define  the  match  criteria  to  classify  traffic.  Use  the 
no  form  of  this  command  to  remove  the  match  criteria. 

match  {access-group  acl-index-or-name  I  input-interface  interface-id-list  I  ip  dscp  dscp-list  I  ip 
precedence  ip-precedence-list} 

no  match  {access-group  acl-index-or-name  I  input-interface  interface-id-list  I  ip  dscp  dscp-list  I 
ip  precedence  ip-precedence-list} 


Syntax  Description  access-group 

acl-index-or-name 


input-interface 

interface-id-list 


ip  dscp  dscp-list 


ip  precedence 

ip-precedence-list 


Number  or  name  of  an  IP  standard  or  extended  access  control  list  (ACL)  or 
MAC  ACL.  For  an  IP  standard  ACL,  the  ACL  index  range  is  1  to  99  and  1300 
to  1999.  For  an  IP  extended  ACL,  the  ACL  index  range  is  100  to  199 
and  2000  to  2699. 

Specify  the  physical  ports  to  which  the  interface-level  class  map  in  a 
hierarchical  policy  map  applies.  This  command  can  only  be  used  in  the 
child-level  policy  map  and  must  be  the  only  match  condition  in  the 
child-level  policy  map.  You  can  specify  up  to  six  entries  in  the  list  by 
specifying  a  port  (counts  as  one  entry),  a  list  of  ports  separated  by  a  space 
(each  port  counts  as  an  entry),  or  a  range  of  ports  separated  by  a  hyphen 
(counts  as  two  entries). 

List  of  up  to  eight  IP  Differentiated  Services  Code  Point  (DSCP)  values  to 
match  against  incoming  packets.  Separate  each  value  with  a  space.  The  range 
is  0  to  63.  You  also  can  enter  a  mnemonic  name  for  a  commonly-used  value. 

List  of  up  to  eight  IP-precedence  values  to  match  against  incoming  packets. 
Separate  each  value  with  a  space.  The  range  is  0  to  7.  You  also  can  enter  a 
mnemonic  name  for  a  commonly-used  value 


Defaults 


No  match  criteria  are  defined. 


Command  Modes        Class-map  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


The  match  command  is  used  to  specify  which  fields  in  the  incoming  packets  are  examined  to  classify 
the  packets.  Only  the  IP  access  group  or  the  MAC  access  group  matching  to  the  Ether  Type/Len  are 
supported. 

To  define  packet  classification  on  a  physical-port  basis,  only  one  match  command  per  class  map  is 
supported.  In  this  situation,  the  match-all  and  match-any  keywords  are  equivalent. 
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For  the  match  ip  dscp  dscp-list  or  the  match  ip  precedence  ip-precedence-list  command,  you  can  enter 
a  mnemonic  name  for  a  commonly  used  value.  For  example,  you  can  enter  the  match  ip  dscp  afll 
command,  which  is  the  same  as  entering  the  match  ip  dscp  10  command.  You  can  enter  the  match  ip 
precedence  critical  command,  which  is  the  same  as  entering  the  match  ip  precedence  5  command.  For 
a  list  of  supported  mnemonics,  enter  the  match  ip  dscp  ?  or  the  match  ip  precedence  ?  command  to 
see  the  command-line  help  strings. 

Use  the  input-interface  interface-id-list  keyword  when  you  are  configuring  an  interface-level  class  map 
in  a  hierarchical  policy  map.  For  the  interface-id-list,  you  can  specify  up  to  six  entries. 


Examples  This  example  shows  how  to  create  a  class  map  called  class2,  which  matches  all  the  incoming  traffic  with 

DSCP  values  of  10,  11,  and  12: 

Switch (config) #  class-map  class2 

Switch (conf ig-cmap) #  match  ip  dscp  10  11  12 

Switch (conf ig-cmap) #  exit 

This  example  shows  how  to  create  a  class  map  called  class3,  which  matches  all  the  incoming  traffic  with 
IP-precedence  values  of  5,  6,  and  7: 

Switch(conf ig) #  class-map  class3 

Switch (conf ig-cmap) #  match  ip  precedence  5  6  7 

Switch (conf ig-cmap) #  exit 

This  example  shows  how  to  delete  the  IP-precedence  match  criteria  and  to  classify  traffic  using  acll: 

Switch (conf ig) #  class-map  class2 
Switch (conf ig-cmap) #  match  ip  precedence  5  6  7 
Switch (conf ig-cmap) #  no  match  ip  precedence 
Switch (conf ig-cmap) #  match  access-group  acll 

Switch (conf ig-cmap) #  exit 

This  example  shows  how  to  specify  a  list  of  physical  ports  to  which  an  interface-level  class  map  in  a 
hierarchical  policy  map  applies: 

Switch (conf ig) #  class-map  match-all  class4 

Switch ( conf ig-cmap) #  match  input -interface  gigabitethernetO/1  gigabitethernet0/2 

Switch (conf ig-cmap) #  exit 

This  example  shows  how  to  specify  a  range  of  physical  ports  to  which  an  interface-level  class  map  in  a 
hierarchical  policy  map  applies: 

Switch(conf ig) #  class-map  match-all  class4 

Switch(config-cmap) #  match  input -interface  gigabitethernetO/1  -  gigabitethernetO/5 

Switch (conf ig-cmap) #  exit 

You  can  verify  your  settings  by  entering  the  show  class-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class-map 

Creates  a  class  map  to  be  used  for  matching  packets  to  the  class  whose  name 

you  specify. 

show  class-map 

Displays  quality  of  service  (QoS)  class  maps. 

2-194 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Chapter  2    CGESM  Switch  Cisco  IPS  Commands 


mdix  auto  HI 


mdix  auto 

Use  the  mdix  auto  interface  configuration  command  to  enable  the  automatic  medium-dependent 
interface  crossover  (auto-MDIX)  feature  on  the  interface.  When  auto-MDIX  is  enabled,  the  interface 
automatically  detects  the  required  cable  connection  type  (straight-through  or  crossover)  and  configures 
the  connection  appropriately.  Use  the  no  form  of  this  command  to  disable  auto-MDIX. 

mdix  auto 

no  mdix  auto 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Auto-MDIX  is  enabled. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        When  you  enable  auto-MDIX  on  an  interface,  you  must  also  set  the  interface  speed  and  duplex  to  auto 
so  that  the  feature  operates  correctly. 

When  auto-MDIX  (and  autonegotiation  of  speed  and  duplex)  is  enabled  on  one  or  both  of  connected 
interfaces,  link  up  occurs,  even  if  the  cable  type  (straight-through  or  crossover)  is  incorrect. 

Auto-MDIX  is  supported  on  all  10/100/1000  Mb/s  interfaces  and  on  10/100/1000BASE-T  small 
form-factor  pluggable  (SFP)  module  interfaces. 


Examples  This  example  shows  how  to  enable  auto-MDIX  on  a  port: 

Switch*  configure  terminal 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  speed  auto 
Switch (config-if) #  duplex  auto 
Switch (config-if ) #  mdix  auto 
Switch(config-if ) #  end 

You  can  verify  the  operational  state  of  auto-MDIX  on  the  interface  by  entering  the  show  controllers 
ethernet-controller  interface-id  phy  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  controllers  Displays  general  information  about  internal  registers  of  an  interface, 

ethernet-controller  including  the  operational  state  of  auto-MDIX. 
interface-id  phy 
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mis  qos 


mis  qos 


Use  the  mis  qos  global  configuration  command  to  enable  quality  of  service  (QoS)  for  the  entire  switch. 
When  the  mis  qos  command  is  entered,  QoS  is  enabled  with  the  default  parameters  on  all  ports  in  the 
system.  Use  the  no  form  of  this  command  to  reset  all  the  QoS-related  statistics  and  to  disable  the  QoS 
features  for  the  entire  switch. 

mis  qos 

no  mis  qos 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


QoS  is  disabled.  There  is  no  concept  of  trusted  or  untrusted  ports  because  the  packets  are  not  modified 
(the  CoS,  DSCP,  and  IP  precedence  values  in  the  packet  are  not  changed).  Traffic  is  switched  in 
pass-through  mode  (packets  are  switched  without  any  rewrites  and  classified  as  best  effort  without  any 
policing). 

When  QoS  is  enabled  with  the  mis  qos  global  configuration  command  and  all  other  QoS  settings  are  set 
to  their  defaults,  traffic  is  classified  as  best  effort  (the  DSCP  and  CoS  value  is  set  to  0)  without  any 
policing.  No  policy  maps  are  configured.  The  default  port  trust  state  on  all  ports  is  untrusted.  The  default 
ingress  and  egress  queue  settings  are  in  effect. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


QoS  must  be  globally  enabled  to  use  QoS  classification,  policing,  mark  down  or  drop,  queueing,  and 
traffic  shaping  features.  You  can  create  a  policy-map  and  attach  it  to  a  port  before  entering  the  mis  qos 
command.  However,  until  you  enter  the  mis  qos  command,  QoS  processing  is  disabled. 

Policy-maps  and  class-maps  used  to  configure  QoS  are  not  deleted  from  the  configuration  by  the  no  mis 
qos  command,  but  entries  corresponding  to  policy  maps  are  removed  from  the  switch  hardware  to  save 
system  resources.  To  re-enable  QoS  with  the  previous  configurations,  use  the  mis  qos  command. 

Toggling  the  QoS  status  of  the  switch  with  this  command  modifies  (reallocates)  the  sizes  of  the  queues. 
During  the  queue  size  modification,  the  queue  is  temporarily  shut  down  during  the  hardware 
reconfiguration,  and  the  switch  drops  newly  arrived  packets  for  this  queue. 


Examples 


This  example  shows  how  to  enable  QoS  on  the  switch: 

Switch (config) #  mis  qos 

You  can  verify  your  settings  by  entering  the  show  mis  qos  privileged  EXEC  command. 
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mis  qos 


Related  Commands      Command  Description 


show  mis  qos  Displays  QoS  information. 
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mis  qos  aggregate-policer  I 


mis  qos  aggregate-policer 

Use  the  mis  qos  aggregate-policer  global  configuration  command  to  define  policer  parameters,  which 
can  be  shared  by  multiple  classes  within  the  same  policy  map.  A  policer  defines  a  maximum  permissible 
rate  of  transmission,  a  maximum  burst  size  for  transmissions,  and  an  action  to  take  if  either  maximum 
is  exceeded.  Use  the  no  form  of  this  command  to  delete  an  aggregate  policer. 

mis  qos  aggregate-policer  aggregate-policer-name  rate-bps  burst-byte  exceed-action  { drop  I 
policed-dscp-transmit } 

no  mis  qos  aggregate-policer  aggregate-policer-name 


Syntax  Description       aggregate-policer-name         Name  of  the  aggregate  policer  referenced  by  the  police  aggregate 

policy-map  class  configuration  command. 


rate-bps 

Specify  the  average  traffic  rate  in  bits  per  second  (b/s).  The  range 

is  8000  to  1000000000. 

burst-byte 

Specify  the  normal  burst  size  in  bytes.  The  range  is  8000  to  1000000. 

exceed-action  drop 

When  the  specified  rate  is  exceeded,  specify  that  the  switch  drop  the 

packet. 

exceed-action 

When  the  specified  rate  is  exceeded,  specify  that  the  switch  change  the 

policed-dscp-transmit 

Differentiated  Services  Code  Point  (DSCP)  of  the  packet  to  that 

specified  in  the  policed-DSCP  map  and  then  send  the  packet. 

Defaults  No  aggregate  policers  are  defined. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Define  an  aggregate  policer  if  the  policer  is  shared  with  multiple  classes. 

Policers  for  a  port  cannot  be  shared  with  other  policers  for  another  port;  traffic  from  two  different  ports 
cannot  be  aggregated  for  policing  purposes. 

The  port  ASIC  device,  which  controls  more  than  one  physical  port,  supports256  policers  (255 
user-configurable  policers  plus  1  policer  reserved  for  internal  use).  The  maximum  number  of 
user-configurable  policers  supported  per  port  is  63.  Policers  are  allocated  on  demand  by  the  software  and 
are  constrained  by  the  hardware  and  ASIC  boundaries.  You  cannot  reserve  policers  per  port  (there  is  no 
guarantee  that  a  port  will  be  assigned  to  any  policer). 

You  apply  an  aggregate  policer  to  multiple  classes  in  the  same  policy  map;  you  cannot  use  an  aggregate 
policer  across  different  policy  maps. 
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You  cannot  delete  an  aggregate  policer  if  it  is  being  used  in  a  policy  map.  You  must  first  use  the  no  police 
aggregate  aggregate-policer-name  policy-map  class  configuration  command  to  delete  the  aggregate 
policer  from  all  policy  maps  before  using  the  no  mis  qos  aggregate-policer  aggregate-policer-name 
command. 

Policing  uses  a  token-bucket  algorithm.  You  configure  the  bucket  depth  (the  maximum  burst  that  is 
tolerated  before  the  bucket  overflows)  by  using  the  burst-byte  option  of  the  police  policy-map  class 
configuration  command  or  the  mis  qos  aggregate-policer  global  configuration  command.  You  configure 
how  fast  (the  average  rate)  that  the  tokens  are  removed  from  the  bucket  by  using  the  rate-bps  option  of 
the  police  policy-map  class  configuration  command  or  the  mis  qos  aggregate-policer  global 
configuration  command.  For  more  information,  see  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  define  the  aggregate  policer  parameters  and  how  to  apply  the  policer  to 

multiple  classes  in  a  policy  map: 

Switch (config) #  mis  qos  aggregate-policer  aggjpolicerl  1000000  1000000  exceed-action  drop 

Switch (config) #  policy-map  policy2 
Switch(conf ig-pmap) #  class  classl 

Switch ( conf ig-pmap-c ) #  police  aggregate  agg_policerl 

Switch (conf ig-pmap-c) #  exit 
Switch (conf ig-pmap) #  class  class2 
Switch (conf ig-pmap-c ) #  set  dscp  10 

Switch (conf ig-pmap-c ) #  police  aggregate  agg_policerl 

Switch (conf ig-pmap-c) #  exit 
Switch (conf ig-pmap) #  class  class3 
Switch ( conf ig-pmap-c ) #  trust  dscp 

Switch ( conf ig-pmap-c ) #  police  aggregate  agg_policer2 

Switch ( conf ig-pmap-c ) #  exit 

You  can  verify  your  settings  by  entering  the  show  mis  qos  aggregate-policer  privileged  EXEC 
command. 


Related  Commands      Command  Description 

police  aggregate  Creates  a  policer  that  is  shared  by  different  classes. 

show  mis  qos  aggregate-policer       Displays  the  quality  of  service  (QoS)  aggregate  policer 

configuration. 
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mis  qos  cos  I 


mis  qos  cos 


Use  the  mis  qos  cos  interface  configuration  command  to  define  the  default  class  of  service  (CoS)  value 
of  a  port  or  to  assign  the  default  CoS  to  all  incoming  packets  on  the  port.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

mis  qos  cos  {default-cos  I  override} 

no  mis  qos  cos  {default-cos  I  override} 


Syntax  Description  default-cos 


Assign  a  default  CoS  value  to  a  port.  If  packets  are  untagged,  the  default  CoS  value 
becomes  the  packet  CoS  value.  The  CoS  range  is  0  to  7. 

override  Override  the  CoS  of  the  incoming  packets,  and  apply  the  default  CoS  value  on  the 

port  to  all  incoming  packets. 


Defaults 


The  default  CoS  value  for  a  port  is  0. 
CoS  override  is  disabled. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  can  use  the  default  value  to  assign  a  CoS  and  Differentiated  Services  Code  Point  (DSCP)  value  to 
all  incoming  packets  that  are  untagged  (if  the  incoming  packet  does  not  have  a  CoS  value).  You  also  can 
assign  a  default  CoS  and  DSCP  value  to  all  incoming  packets  by  using  the  override  keyword. 

Use  the  override  keyword  when  all  incoming  packets  on  certain  ports  deserve  higher  or  lower  priority 
than  packets  entering  from  other  ports.  Even  if  a  port  is  previously  set  to  trust  DSCP,  CoS,  or  IP 
precedence,  this  command  overrides  the  previously  configured  trust  state,  and  all  the  incoming  CoS 
values  are  assigned  the  default  CoS  value  configured  with  the  mis  qos  cos  command.  If  an  incoming 
packet  is  tagged,  the  CoS  value  of  the  packet  is  modified  with  the  default  CoS  of  the  port  at  the 
ingress  port. 
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Examples  This  example  shows  how  to  configure  the  default  port  CoS  to  4  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  mis  qos  trust  cos 
Switch (config-if) #  mis  qos  cos  4 

This  example  shows  how  to  assign  all  the  packets  entering  a  port  to  the  default  port  CoS  value  of  4 
on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch(config-if ) #  mis  qos  cos  4 
Switch(config-if ) #  mis  qos  cos  override 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  mis  qos  interface  Displays  quality  of  service  (QoS)  information. 
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mis  qos  dscp-mutation 


Use  the  mis  qos  dscp-mutation  interface  configuration  command  to  apply  a  Differentiated  Services 
Code  Point  (DSCP)-to-DSCP-mutation  map  to  a  DSCP-trusted  port.  Use  the  no  form  of  this  command 
to  return  the  map  to  the  default  settings  (no  DSCP  mutation). 

mis  qos  dscp-mutation  dscp-mutation-name 

no  mis  qos  dscp-mutation  dscp-mutation-name 


Syntax  Description  dscp-mutation-name 


Name  of  the  DSCP-to-DSCP-mutation  map.  This  map  was  previously 
defined  with  the  mis  qos  map  dscp-mutation  global  configuration 
command. 


Defaults 


The  default  DSCP-to-DSCP-mutation  map  is  a  null  map,  which  maps  incoming  DSCPs  to  the  same 
DSCP  values. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  two  quality  of  service  (QoS)  domains  have  different  DSCP  definitions,  use  the 
DSCP-to-DSCP-mutation  map  to  translate  one  set  of  DSCP  values  to  match  the  definition  of  another 
domain.  You  apply  the  DSCP-to-DSCP-mutation  map  to  the  receiving  port  (ingress  mutation)  at  the 
boundary  of  a  quality  of  service  (QoS)  administrative  domain. 

With  ingress  mutation,  the  new  DSCP  value  overwrites  the  one  in  the  packet,  and  QoS  handles  the  packet 
with  this  new  value.  The  switch  sends  the  packet  out  the  port  with  the  new  DSCP  value. 

You  can  configure  multiple  DSCP-to-DSCP-mutation  maps  on  ingress  ports. 

You  apply  the  map  only  to  DSCP-trusted  ports.  If  you  apply  the  DSCP  mutation  map  to  an  untrusted 
port,  to  class  of  service  (CoS)  or  IP-precedence  trusted  port,  the  command  has  no  immediate  effect  until 
the  port  becomes  DSCP-trusted. 


Examples 


This  example  shows  how  to  define  the  DSCP-to-DSCP-mutation  map  named  dscpmutationl and  to  apply 
the  map  to  a  port: 

Switch (config) #  mis  qos  map  dscp-mutation  dscpmutationl  10  11  12  13  to  30 
Switch(conf ig) #  interface  gigabitethernetO/1 
Switch (config-if) #  mis  qos  trust  dscp 

Switch (config-if) #  mis  qos  dscp-mutation  dscpmutationl 
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This  example  show  how  to  remove  the  DSCP-to-DSCP-mutation  map  name  dscpmutationl  from  the  port 
and  to  reset  the  map  to  the  default: 

Switch ( config-if ) #  no  mis  qos  dscp-mutation  dscpmutationl 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps  privileged  EXEC  command. 


Related  Commands      Command  Description 


mis  qos  map  dscp-mutation 

Defines  the  DSCP-to-DSCP-mutation  map. 

mis  qos  trust 

Configures  the  port  trust  state. 

show  mis  qos  maps 

Displays  QoS  mapping  information. 
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mis  qos  map 

Use  the  mis  qos  map  global  configuration  command  to  define  the  class  of  service 
(CoS)-to-Differentiated  Services  Code  Point  (DSCP)  map,  DSCP-to-CoS  map,  the 
DSCP-to-DSCP-mutation  map,  the  IP-precedence-to-DSCP  map,  and  the  policed-DSCP  map.  Use  the 
no  form  of  this  command  to  return  to  the  default  map. 

mis  qos  map  {cos-dscp  dscpl...dscp8  I  dscp-cos  dscp-list  to  cos  I  dscp-mutation 

dscp-mutation-name  in-dscp  to  out-dscp  I  ip-prec-dscp  dscpl...dscp8  I  policed-dscp  dscp-list 
to  mark-down-dscp} 

no  mis  qos  map  {cos-dscp  I  dscp-cos  I  dscp-mutation  dscp-mutation-name  I  ip-prec-dscp  I 
policed-dscp} 


Syntax  Description      cos-dscp  dscpl...dscp8 


dscp-cos  dscp-list  to 
cos 


dscp-mutation 

dscp-mutation-name 
in-dscp  to  out-dscp 


ip-prec-dscp 

dscpl...dscp8 


Define  the  CoS-to-DSCP  map. 

For  dscpl...dscp8,  enter  eight  DSCP  values  that  correspond  to  CoS  values  0 
to  7.  Separate  each  DSCP  value  with  a  space.  The  range  is  0  to  63. 

Define  the  DSCP-to-CoS  map. 

For  dscp-list,  enter  up  to  eight  DSCP  values,  with  each  value  separated  by  a 
space.  The  range  is  0  to  63.  Then  enter  the  to  keyword. 

For  cos,  enter  a  single  CoS  value  to  which  the  DSCP  values  correspond.  The 
range  is  0  to  7. 

Define  the  DSCP-to-DSCP-mutation  map. 

For  dscp-mutation-name,  enter  the  mutation  map  name. 

For  in-dscp,  enter  up  to  eight  DSCP  values,  with  each  value  separated  by  a 
space.  Then  enter  the  to  keyword. 

For  out-dscp,  enter  a  single  DSCP  value. 

The  range  is  0  to  63. 

Define  the  IP-precedence-to-DSCP  map. 

For  dscpl...dscp8,  enter  eight  DSCP  values  that  correspond  to  the  IP 
precedence  values  0  to  7.  Separate  each  DSCP  value  with  a  space.  The  range 
is  0  to  63. 


policed-dscp  dscp-list 

Define  the  policed-DSCP  map. 

to  mark-down-dscp 

For  dscp-list,  enter  up  to  eight  DSCP  values,  with  each  value  separated  by  a 

space.  Then  enter  the  to  keyword. 

For  mark-down-dscp,  enter  the  corresponding  policed  (marked  down)  DSCP 

value. 

The  range  is  0  to  63. 
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Defaults  Table  2-6  shows  the  default  CoS-to-DSCP  map: 

Table  2-6    Default  CoS-to-DSCP  Map 


CoS  Value 

DSCP  Value 

0 

0 

1 

8 

2 

16 

3 

24 

4 

32 

5 

40 

6 

48 

7 

56 

Table  2-7  shows  the  default  DSCP-to-CoS  map: 


Table  2-7    Default  DSCP-to-CoS  Map 


DSCP  Value 

CoS  Value 

0-7 

0 

8-15 

1 

16-23 

2 

24-31 

3 

32-39 

4 

40-47 

5 

48-55 

6 

56-63 

7 

Table  2-8  shows  the  default  IP-precedence-to-DSCP  map: 


Table  2-8    Default  IP-Precedence-to-DSCP  Map 


IP  Precedence  Value 

DSCP  Value 

0 

0 

1 

8 

2 

16 

3 

24 

4 

32 

5 

40 

6 

48 

7 

56 
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The  default  DSCP-to-DSCP-mutation  map  is  a  null  map,  which  maps  an  incoming  DSCP  value  to  the 
same  DSCP  value. 

The  default  policed-DSCP  map  is  a  null  map,  which  maps  an  incoming  DSCP  value  to  the  same  DSCP 
value. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       All  the  maps  are  globally  defined.  All  the  maps,  except  the  DSCP-to-DSCP-mutation  map,  are  applied 
to  all  ports.  The  DSCP-to-DSCP-mutation  map  is  applied  to  a  specific  port. 


Examples  This  example  shows  how  to  define  the  IP-precedence-to-DSCP  map  and  to  map  IP-precedence  values  0 

to  7  to  DSCP  values  of  0,  10,  20,  30,  40,  50,  55,  and  60: 

Switch#  configure  terminal 

Switch (config) #  mis  qos  map  ip-prec-dscp  0  10  20  30  40  50  55  60 

This  example  shows  how  to  define  the  policed-DSCP  map.  DSCP  values  1,  2,  3,  4,  5,  and  6  are  marked 
down  to  DSCP  value  0.  Marked  DSCP  values  that  not  explicitly  configured  are  not  modified: 

Switch#  configure  terminal 

Switch (config) #  mis  qos  map  policed-dscp  123456  to  0 

This  example  shows  how  to  define  the  DSCP-to-CoS  map.  DSCP  values  20,  21,  22,  23,  and  24  are 
mapped  to  CoS  1.  DSCP  values  10,  11,  12,  13,  14,  15,  16,  and  17  are  mapped  to  CoS  0: 

Switch#  configure  terminal 

Switch (config) #  mis  qos  map  dscp-cos  20  21  22  23  24  to  1 

Switch (config) #  mis  qos  map  dscp-cos  10  11  12  13  14  15  16  17  to  0 

This  example  shows  how  to  define  the  CoS-to-DSCP  map.  CoS  values  0  to  7  are  mapped  to  DSCP  values 
0,  5,  10,  15,  20,  25,  30,  and  35: 

Switch#  configure  terminal 

Switch (config) #  mis  qos  map  cos-dscp  0  5  10  15  20  25  30  35 

This  example  shows  how  to  define  the  DSCP-to-DSCP-mutation  map.  All  the  entries  that  are  not 
explicitly  configured  are  not  modified  (remain  as  specified  in  the  null  map): 

Switch#  configure  terminal 

Switch (config) #  mis  qos  map  dscp-mutation  mutationl  1234567  to  10 

Switch (config) #  mis  qos  map  dscp-mutation  mutationl  8  9  10  11  12  13  to  10 

Switch (config) #  mis  qos  map  dscp-mutation  mutationl  20  21  22  to  20 

Switch (config) #  mis  qos  map  dscp-mutation  mutationl  0  31  32  33  34  to  30 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps  privileged  EXEC  command. 
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Related  Commands 


Command 

Description 

mis  qos  dscp-mutation 

Applies  a  DSCP-to-DSCP-mutation  map  to  a  DSCP-trusted  port. 

show  mis  qos  maps 

Displays  quality  of  service  (QoS)  mapping  information. 
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mis  qos  queue-set  output  buffers 


Use  the  mis  qos  queue-set  output  buffers  global  configuration  command  to  allocate  buffers  to  a 
queue-set  (four  egress  queues  per  port).  Use  the  no  form  of  this  command  to  return  to  the  default  setting 

mis  qos  queue-set  output  qset-id  buffers  allocationl  ...  allocation4 

no  mis  qos  queue-set  output  qset-id  buffers 


Syntax  Description  qset-id 


allocationl  . 
allocation4 


ID  of  the  queue-set.  Each  port  belongs  to  a  queue-set,  which  defines  all  the 
characteristics  of  the  four  egress  queues  per  port.  The  range  is  1  to  2. 

Buffer  space  allocation  (percentage)  for  each  queue  (four  values  for  queues  1  to  4). 
For  allocationl ,  allocation3,  and  allocation4,  the  range  is  0  to  99.  For  allocation! , 
the  range  is  1  to  100  (including  the  CPU  buffer).  Separate  each  value  with  a  space. 


Defaults 


All  allocation  values  are  equally  mapped  among  the  four  queues  (25,  25,  25,  25).  Each  queue  has  1/4  of 
the  buffer  space. 


Command  Modes 


Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Specify  four  allocation  values,  and  separate  each  with  a  space. 

Allocate  buffers  according  to  the  importance  of  the  traffic;  for  example,  give  a  large  percentage  of  the 
buffer  to  the  queue  with  the  highest-priority  traffic. 

To  configure  different  classes  of  traffic  with  different  characteristics,  use  this  command  with  the  mis  qos 
queue-set  output  qset-id  threshold  global  configuration  command. 


Note 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  QoS 
solution. 


Examples 


This  example  shows  how  to  map  a  port  to  queue-set  2.  It  allocates  40  percent  of  the  buffer  space  to  egress 
queue  1  and  20  percent  to  egress  queues  2,  3,  and  4: 

Switch (config) #  mis  qos  queue-set  output  2  buffers  40  20  20  20 
Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  queue-set  2 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  buffers  or  the  show 
mis  qos  queue-set  privileged  EXEC  command. 
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Related  Commands      Command  Description 


mis  qos  queue-set  output  threshold 

Configures  the  weighted  tail-drop  (WTD)  thresholds, 

guarantees  the  availability  of  buffers,  and  configures  the 

maximum  memory  allocation  to  a  queue-set. 

queue-set 

Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  buffers 

Displays  quality  of  service  (QoS)  information. 

show  mis  qos  queue-set 

Displays  egress  queue  settings  for  the  queue-set. 
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mis  qos  queue-set  output  threshold 


Use  the  mis  qos  queue-set  output  threshold  global  configuration  command  to  configure  the  weighted 
tail-drop  (WTD)  thresholds,  to  guarantee  the  availability  of  buffers,  and  to  configure  the  maximum 
memory  allocation  to  a  queue-set  (four  egress  queues  per  port).  Use  the  no  form  of  this  command  to 
return  to  the  default  setting. 

mis  qos  queue-set  output  qset-id  threshold  queue-id  drop-thresholdl  drop-threshold2 
reserved-threshold  maximum-threshold 

no  mis  qos  queue-set  output  qset-id  threshold  [queue-id] 


Syntax  Description  qset-id 


queue-id 


drop-thresholdl 
drop -threshold! 


reserved-threshold 


maximum-threshold 


ID  of  the  queue-set.  Each  port  belongs  to  a  queue-set,  which  defines  all  the 
characteristics  of  the  four  egress  queues  per  port.  The  range  is  1  to  2. 

Specific  queue  in  the  queue-set  on  which  the  command  is  performed.  The 
range  is  1  to  4. 

Two  WTD  thresholds  expressed  as  a  percentage  of  the  queue's  allocated 
memory.  The  range  is  1  to  400  percent. 


Amount  of  memory  to  be  guaranteed  (reserved)  for  the  queue  and  expressed 
as  a  percentage  of  the  allocated  memory.  The  range  is  1  to  100  percent. 

Enable  a  queue  in  the  full  condition  to  get  more  buffers  than  are  reserved  for 
it.  This  is  the  maximum  memory  the  queue  can  have  before  the  packets  are 
dropped.  The  range  is  1  to  400  percent. 


Defaults 


When  quality  of  service  (QoS)  is  enabled,  WTD  is  enabled. 
Table  2-9  shows  the  default  WTD  threshold  settings. 


Table  2-9    Default  Egress  Queue  WTD  Threshold  Settings 


Feature 

Queue  1 

Queue  2 

Queue  3 

Queue  4 

WTD  Drop  Threshold  1 

100  percent 

200  percent 

100  percent 

100  percent 

WTD  Drop  Threshold  2 

100  percent 

200  percent 

100  percent 

100  percent 

Reserved  Threshold 

50  percent 

100  percent 

50  percent 

50  percent 

Maximum  Threshold 

400  percent 

400  percent 

400  percent 

400  percent 

Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 
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Usage  Guidelines       Use  the  mis  qos  queue-set  output  qset-id  buffers  global  configuration  command  to  allocate  a  fixed 
number  of  buffers  to  the  four  queues  in  a  queue-set. 

The  drop-threshold  percentages  can  exceed  100  percent  and  can  be  up  to  the  maximum  (if  the  maximum 
threshold  exceeds  100  percent). 

%   

Note      The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 

you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  QoS 

solution. 

The  switch  uses  a  buffer  allocation  scheme  to  reserve  a  minimum  amount  of  buffers  for  each  egress 
queue,  to  prevent  any  queue  or  port  from  consuming  all  the  buffers  and  depriving  other  queues,  and  to 
decide  whether  to  grant  buffer  space  to  a  requesting  queue.  The  switch  decides  whether  the  target  queue 
has  not  consumed  more  buffers  than  its  reserved  amount  (under-limit),  whether  it  has  consumed  all  of 
its  maximum  buffers  (over-limit),  and  whether  the  common  pool  is  empty  (no  free  buffers)  or  not  empty 
(free  buffers).  If  the  queue  is  not  over-limit,  the  switch  can  allocate  buffer  space  from  the  reserved  pool 
or  from  the  common  pool  (if  it  is  not  empty).  If  there  are  no  free  buffers  in  the  common  pool  or  if  the 
queue  is  over-limit,  the  switch  drops  the  frame. 


Examples  This  example  shows  how  to  map  a  port  to  queue-set  2.  It  configures  the  drop  thresholds  for  queue  2  to 

40  and  60  percent  of  the  allocated  memory,  guarantees  (reserves)  100  percent  of  the  allocated  memory, 
and  configures  200  percent  as  the  maximum  memory  this  queue  can  have  before  packets  are  dropped: 

Switch ( config) #  mis  qos  queue-set  output  2  threshold  2  40  60  100  200 
Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  queue-set  2 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  buffers  or  the  show 
mis  qos  queue-set  privileged  EXEC  command. 


Related  Commands      Command  Description 


mis  qos  queue-set  output  buffers 

Allocates  buffers  to  a  queue-set. 

queue-set 

Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  buffers 

Displays  QoS  information. 

show  mis  qos  queue-set 

Displays  egress  queue  settings  for  the  queue-set. 
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mis  qos  rewrite  ip  dscp 


Use  the  mis  qos  rewrite  ip  dscp  global  configuration  command  to  configure  the  switch  to  change 
(rewrite)  the  Differentiated  Services  Code  Point  (DSCP)  field  of  an  incoming  IP  packet.  Use  the  no  form 
of  this  command  to  configure  the  switch  to  not  modify  (rewrite)  the  DSCP  field  of  the  packet  and  to 
enable  DSCP  transparency. 

mis  qos  rewrite  ip  dscp 

no  mis  qos  rewrite  ip  dscp 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


DSCP  transparency  is  disabled.  The  switch  changes  the  DSCP  field  of  the  incoming  IP  packet. 


Command  Modes        Global  configuration 


Command  History 
Usage  Guidelines 


DSCP  transparency  affects  only  the  DSCP  field  of  a  packet  at  the  egress.  If  DSCP  transparency  is 
enabled  by  using  the  no  mis  qos  rewrite  ip  dscp  command,  the  switch  does  not  modify  the  DSCP  field 
in  the  incoming  packet,  and  the  DSCP  field  in  the  outgoing  packet  is  the  same  as  that  in  the  incoming 
packet. 

By  default,  DSCP  transparency  is  disabled.  The  switch  modifies  the  DSCP  field  in  an  incoming  packet, 
and  the  DSCP  field  in  the  outgoing  packet  is  based  on  the  quality  of  service  (QoS)  configuration, 
including  the  port  trust  setting,  policing  and  marking,  and  the  DSCP-to-DSCP  mutation  map. 

Regardless  of  the  DSCP  transparency  configuration,  the  switch  modifies  the  internal  DSCP  value  of  the 
packet  that  the  switch  uses  to  generate  a  class  of  service  (CoS)  value  representing  the  priority  of  the 
traffic.  The  switch  also  uses  the  internal  DSCP  value  to  select  an  egress  queue  and  threshold. 

For  example,  if  QoS  is  enabled  and  an  incoming  packet  has  a  DSCP  value  of  32,  the  switch  might  modify 
the  internal  DSCP  value  based  on  the  policy-map  configuration  and  change  the  internal  DSCP  value 
to  16.  If  DSCP  transparency  is  enabled,  the  outgoing  DSCP  value  is  32  (same  as  the  incoming  value).  If 
DSCP  transparency  is  disabled,  the  outgoing  DSCP  value  is  16  because  it  is  based  on  the  internal  DSCP 
value. 
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Examples  This  example  shows  how  to  enable  DSCP  transparency  and  configure  the  switch  to  not  change  the  DSCP 

value  of  the  incoming  IP  packet: 

Switch (config) #  mis  qos 

Switch (config) #  no  mis  qos  rewrite  ip  dscp 

This  example  shows  how  to  disable  DSCP  transparency  and  configure  the  switch  to  change  the  DSCP 
value  of  the  incoming  IP  packet: 

Switch (config) #  mis  qos 

Switch (config) #  mis  qos  rewrite  ip  dscp 

You  can  verify  your  settings  by  entering  the  show  running  config  I  include  rewrite  privileged  EXEC 
command. 


Related  Commands      Command  Description 


mis  qos 

Enables  QoS  globally. 

show  mis  qos 

Displays  QoS  information. 

show  running-config  1 

Displays  the  DSCP  transparency  setting.  For  syntax  information,  select 

include  rewrite 

Cisco  IOS  Release  12.2  Configuration  Guides  and  Command 

References  >  Cisco  IOS  Fundamentals  Command  Reference, 

Release  12.2  >  File  Management  Commands  >  Configuration  File 

Management  Commands. 

2-214 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Chapter  2    CGESM  Switch  Cisco  IPS  Commands 


mis  qos  srr-queue  input  bandwidth  I 


mis  qos  srr-queue  input  bandwidth 


Use  the  mis  qos  srr-queue  input  bandwidth  global  configuration  command  to  assign  shaped  round 
robin  (SRR)  weights  to  an  ingress  queue.  The  ratio  of  the  weights  is  the  ratio  of  the  frequency  in  which 
the  SRR  scheduler  dequeues  packets  from  each  queue.  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

mis  qos  srr-queue  input  bandwidth  weightl  weight2 

no  mis  qos  srr-queue  input  bandwidth 


Syntax  Description      weightl  weight2 


Ratio  of  weightl  and  weight2  determines  the  ratio  of  the  frequency  in  which  the 
SRR  scheduler  dequeues  packets  from  ingress  queues  1  and  2.  The  range  is  1  to 
100.  Separate  each  value  with  a  space. 


Defaults 


Weightl  and  weight2  are  4  (1/2  of  the  bandwidth  is  equally  shared  between  the  two  queues). 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


SRR  services  the  priority  queue  for  its  configured  weight  as  specified  by  the  bandwidth  keyword  in  the 
mis  qos  srr-queue  input  priority-queue  queue-id  bandwidth  weight  global  configuration  command. 
Then  SRR  shares  the  remaining  bandwidth  with  both  ingress  queues  and  services  them  as  specified  by 
the  weights  configured  with  the  mis  qos  srr-queue  input  bandwidth  weightl  weight2  global 
configuration  command. 

You  specify  which  ingress  queue  is  the  priority  queue  by  using  the  mis  qos  srr-queue  input 
priority-queue  global  configuration  command. 


Examples 


This  example  shows  how  to  assign  the  ingress  bandwidth  for  the  queues.  Priority  queueing  is  disabled, 
and  the  shared  bandwidth  ratio  allocated  to  queue  1  is  25/(25+75)  and  to  queue  2  is  75/(25+75): 

Switch (config) #  mis  qos  srr-queue  input  priority-queue  2  bandwidth  0 
Switch (config) #  mis  qos  srr-queue  input  bandwidth  25  75 

In  this  example,  queue  2  has  three  times  the  bandwidth  of  queue  1;  queue  2  is  serviced  three  times  as 
often  as  queue  1. 
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This  example  shows  how  to  assign  the  ingress  bandwidths  for  the  queues.  Queue  1  is  the  priority  queue 
with  10  percent  of  the  bandwidth  allocated  to  it.  The  bandwidth  ratio  allocated  to  queues  1  and  2  is 
4/(4+4).  SRR  services  queue  1  (the  priority  queue)  first  for  its  configured  10  percent  bandwidth.  Then 
SRR  equally  shares  the  remaining  90  percent  of  the  bandwidth  between  queues  1  and  2  by  allocating  45 
percent  to  each  queue: 

Switch (config) #  mis  qos  srr-queue  input  priority-queue  1  bandwidth  10 
Switch (config) #  mis  qos  srr-queue  input  bandwidth  4  4 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  queueing  or  the  show 
mis  qos  input-queue  privileged  EXEC  command. 


Related  Commands  Command 


Description 


mis  qos  srr-queue  input  buffers 
mis  qos  srr-queue  input  cos-map 

mis  qos  srr-queue  input  dscp-map 


Allocates  the  buffers  between  the  ingress  queues. 

Maps  class  of  service  (CoS)  values  to  an  ingress  queue  or 
maps  CoS  values  to  a  queue  and  to  a  threshold  ID. 

Maps  Differentiated  Services  Code  Point  (DSCP)  values 
to  an  ingress  queue  or  maps  DSCP  values  to  a  queue  and 
to  a  threshold  ID. 


mis  qos  srr-queue  input  priority-queue 


Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 


mis  qos  srr-queue  input  threshold 

show  mis  qos  input-queue 
show  mis  qos  interface  queueing 


Assigns  weighted  tail-drop  (WTD)  threshold  percentages 
to  an  ingress  queue. 

Displays  ingress  queue  settings. 

Displays  quality  of  service  (QoS)  information. 
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mis  qos  srr-queue  input  buffers  I 


mis  qos  srr-queue  input  buffers 


Use  the  mis  qos  srr-queue  input  buffers  global  configuration  command  to  allocate  the  buffers  between 
the  ingress  queues.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  input  buffers  percentage!  percentage! 

no  mis  qos  srr-queue  input  buffers 


Syntax  Description  percentage! 

percentage! 


Percentage  of  buffers  allocated  to  ingress  queues  1  and  2.  The  range  is  0  to 
100.  Separate  each  value  with  a  space. 


Defaults 


Ninety  percent  of  the  buffers  is  allocated  to  queue  1,  and  10  percent  of  the  buffers  is  allocated  to  queue  2. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  allocate  the  buffers  so  that  the  queues  can  handle  any  incoming  bursty  traffic. 


Examples 


This  example  shows  how  to  allocate  60  percent  of  the  buffer  space  to  ingress  queue  1  and  40  percent  of 
the  buffer  space  to  ingress  queue  2: 

Switch ( config) #  mis  qos  srr-queue  input  buffers  60  40 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id}  buffers  or  the  show 
mis  qos  input-queue  privileged  EXEC  command. 


Related  Commands 


Command 

mis  qos  srr-queue  input  bandwidth 
mis  qos  srr-queue  input  cos-map 


Description 

Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 
queue. 

Maps  class  of  service  (CoS)  values  to  an  ingress  queue 
or  maps  CoS  values  to  a  queue  and  to  a  threshold  ID. 


mis  qos  srr-queue  input  dscp-map 


Maps  Differentiated  Services  Code  Point  (DSCP)  values 
to  an  ingress  queue  or  maps  DSCP  values  to  a  queue  and 
to  a  threshold  ID. 


mis  qos  srr-queue  input  priority-queue 


Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 


mis  qos  srr-queue  input  threshold 


Assigns  weighted  tail-drop  (WTD)  threshold 
percentages  to  an  ingress  queue. 
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Command 

Description 

show  mis  qos  input-queue 

Displays  ingress  queue  settings. 

show  mis  qos  interface  buffers 

Displays  quality  of  service  (QoS)  information. 
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mis  qos  srr-queue  input  cos-map  H 


mis  qos  srr-queue  input  cos-map 

Use  the  mis  qos  srr-queue  input  cos-map  global  configuration  command  to  map  class  of  service  (CoS) 
values  to  an  ingress  queue  or  to  map  CoS  values  to  a  queue  and  to  a  threshold  ID.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  input  cos-map  queue  queue-id  [cosl...cos8  I  threshold  threshold-id 
cosl...cos8} 

no  mis  qos  srr-queue  input  cos-map 


Syntax  Description      queue  queue-id  Specify  a  queue  number. 

For  queue-id,  the  range  is  1  to  2. 

cosl...cos8  Map  CoS  values  to  an  ingress  queue. 

For  cosl ...cos8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  7. 

threshold  threshold-id     Map  CoS  values  to  a  queue  threshold  ID. 

cosl...cos8  por  threshold-id,  the  range  is  1  to  3. 

For  cosl ...cos8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  7. 


Defaults  Table  2-10  shows  the  default  CoS  input  queue  threshold  map: 

Table  2- 10  Default  CoS  Input  Queue  Threshold  Map 


CoS  Value 

Queue  ID  -  Threshold  ID 

0-4 

1-1 

5 

2-1 

6,  7 

1-1 

Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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Usage  Guidelines        The  CoS  assigned  at  the  ingress  port  selects  an  ingress  or  egress  queue  and  threshold. 

The  drop-threshold  percentage  for  threshold  3  is  predefined.  It  is  set  to  the  queue-full  state.  You  can 
assign  two  weighted  tail-drop  (WTD)  threshold  percentages  to  an  ingress  queue  by  using  the  mis  qos 
srr-queue  input  threshold  global  configuration  command. 

You  can  map  each  CoS  value  to  a  different  queue  and  threshold  combination,  allowing  the  frame  to 
follow  different  behavior. 


Examples  This  example  shows  how  to  map  CoS  values  0  to  3  to  ingress  queue  1  and  to  threshold  ID  1  with  a  drop 

threshold  of  50  percent.  It  maps  CoS  values  4  and  5  to  ingress  queue  1  and  to  threshold  ID  2  with  a  drop 
threshold  of  70  percent: 

Switch (config) #  mis  qos  srr-queue  input  cos-map  queue  1  threshold  10  12  3 
Switch (config) #  mis  qos  srr-queue  Input  cos-map  queue  1  threshold  2  4  5 
Switch (config) #  mis  qos  srr-queue  Input  threshold  1  50  70 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps  privileged  EXEC  command. 


Related  Commands  Command 


Description 


mis  qos  srr-queue  input  bandwidth 


Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 
queue. 


mis  qos  srr-queue  input  buffers 
mis  qos  srr-queue  input  dscp-map 

mis  qos  srr-queue  input  priority-queue 


Allocates  the  buffers  between  the  ingress  queues. 

Maps  Differentiated  Services  Code  Point  (DSCP)  values 
to  an  ingress  queue  or  maps  DSCP  values  to  a  queue  and 
to  a  threshold  ID. 

Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 


mis  qos  srr-queue  input  threshold 


Assigns  WTD  threshold  percentages  to  an  ingress  queue. 


show  mis  qos  maps 


Displays  QoS  mapping  information. 
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mis  qos  srr-queue  input  dscp-map  M 


mis  qos  srr-queue  input  dscp-map 


Use  the  mis  qos  srr-queue  input  dscp-map  global  configuration  command  to  map  Differentiated 
Services  Code  Point  (DSCP)  values  to  an  ingress  queue  or  to  map  DSCP  values  to  a  queue  and  to  a 
threshold  ID.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  input  dscp-map  queue  queue-id  {dscpl...dscp8  I  threshold  threshold-id 
dscpl. ..dscp8] 

no  mis  qos  srr-queue  input  dscp-map 


Syntax  Description 


queue  queue-id 
dscpl...dscp8 


Specify  a  queue  number. 

For  queue-id,  the  range  is  1  to  2. 

Map  DSCP  values  to  an  ingress  queue. 

For  dscpl ...dscp8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  63. 


threshold  threshold-id     Map  DSCP  values  to  a  queue  threshold  ID. 


dscpl. ..dscp8 


For  threshold-id,  the  range  is  1  to  3. 

For  dscpl... dscp8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  63. 


Defaults 


Table  2-11  shows  the  default  DSCP  input  queue  threshold  map: 
Table  2-11   Default  DSCP  Input  Queue  Threshold  Map 


DSCP  Value 

Queue  ID  Threshold  ID 

0-39 

1-1 

40-47 

2-1 

48-63 

1-1 

Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 
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Usage  Guidelines        The  DSCP  assigned  at  the  ingress  port  selects  an  ingress  or  egress  queue  and  threshold. 

The  drop-threshold  percentage  for  threshold  3  is  predefined.  It  is  set  to  the  queue-full  state.  You  can 
assign  two  weighted  tail-drop  (WTD)  threshold  percentages  to  an  ingress  queue  by  using  the  mis  qos 
srr-queue  input  threshold  global  configuration  command. 

You  can  map  each  DSCP  value  to  a  different  queue  and  threshold  combination,  allowing  the  frame  to 
follow  different  behavior. 

You  can  map  up  to  eight  DSCP  values  per  command. 


Examples  This  example  shows  how  to  map  DSCP  values  0  to  6  to  ingress  queue  1  and  to  threshold  1  with  a  drop 

threshold  of  50  percent.  It  maps  DSCP  values  20  to  26  to  ingress  queue  1  and  to  threshold  2  with  a  drop 
threshold  of  70  percent: 

Switch (config) #  mis  qos  srr-queue  input  dscp-map  queue  1  threshold  10123456 
Switch (config) #  mis  qos  srr-queue  input  dscp-map  queue  1  threshold  2  20  21  22  23  24  25  26 
Switch (config) #  mis  qos  srr-queue  input  threshold  1  50  70 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps  privileged  EXEC  command. 


Related  Commands      Command  Description 

mis  qos  srr-queue  input  bandwidth  Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 

queue. 

mis  qos  srr-queue  input  buffers  Allocates  the  buffers  between  the  ingress  queues. 

mis  qos  srr-queue  input  cos-map  Maps  class  of  service  (CoS)  values  to  an  ingress  queue 

or  maps  CoS  values  to  a  queue  and  to  threshold  ID. 

mis  qos  srr-queue  input  priority-queue      Configures  the  ingress  priority  queue  and  guarantees 

bandwidth. 

mis  qos  srr-queue  input  threshold  Assigns  WTD  threshold  percentages  to  an  ingress  queue, 

show  mis  qos  maps  Displays  QoS  mapping  information. 
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mis  qos  srr-queue  input  priority-queue 


Use  the  mis  qos  srr-queue  input  priority-queue  global  configuration  command  to  configure  the  ingress 
priority  queue  and  to  guarantee  bandwidth  on  the  internal  ring  if  the  ring  is  congested.  Use  the  no  form 
of  this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  input  priority-queue  queue-id  bandwidth  weight 

no  mis  qos  srr-queue  input  priority-queue  queue-id 


Syntax  Description  queue-id 


Ingress  queue  ID.  The  range  is  1  to  2. 


bandwidth  weight 


Bandwidth  percentage  of  the  internal  ring.  The  range  is  0  to  40. 


Defaults 


The  priority  queue  is  queue  2,  and  10  percent  of  the  bandwidth  is  allocated  to  it. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  use  the  priority  queue  only  for  traffic  that  needs  to  be  expedited  (for  example,  voice  traffic, 
which  needs  minimum  delay  and  jitter). 

The  priority  queue  is  guaranteed  part  of  the  bandwidth  on  the  internal  ring,  which  reduces  the  delay  and 
jitter  under  heavy  network  traffic  on  an  oversubscribed  ring  (when  there  is  more  traffic  than  the 
backplane  can  carry,  and  the  queues  are  full  and  dropping  frames). 

Shaped  round  robin  (SRR)  services  the  priority  queue  for  its  configured  weight  as  specified  by  the 
bandwidth  keyword  in  the  mis  qos  srr-queue  input  priority-queue  queue-id  bandwidth  weight  global 
configuration  command.  Then  SRR  shares  the  remaining  bandwidth  with  both  ingress  queues  and 
services  them  as  specified  by  the  weights  configured  with  the  mis  qos  srr-queue  input  bandwidth 

weightl  weight2  global  configuration  command. 

To  disable  priority  queueing,  set  the  bandwidth  weight  to  0,  for  example,  mis  qos  srr-queue  input 
priority-queue  queue-id  bandwidth  0. 
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Examples  This  example  shows  how  to  assign  the  ingress  bandwidths  for  the  queues.  Queue  1  is  the  priority  queue 

with  10  percent  of  the  bandwidth  allocated  to  it.  The  bandwidth  ratio  allocated  to  queues  1  and  2  is 
4/(4+4).  SRR  services  queue  1  (the  priority  queue)  first  for  its  configured  10  percent  bandwidth.  Then 
SRR  equally  shares  the  remaining  90  percent  of  the  bandwidth  between  queues  1  and  2  by  allocating  45 
percent  to  each  queue: 

Switch (config) #  mis  qos  srr-queue  input  priority-queue  1  bandwidth  10 
Switch (config) #  mis  qos  srr-queue  input  bandwidth  4  4 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  queueing  or  the  show 
mis  qos  input-queue  privileged  EXEC  command. 


Related  Commands      Command  Description 

mis  qos  srr-queue  input  bandwidth    Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 

queue. 

mis  qos  srr-queue  input  buffers         Allocates  the  buffers  between  the  ingress  queues. 

mis  qos  srr-queue  input  cos-map        Maps  class  of  service  (CoS)  values  to  an  ingress  queue  or 

maps  CoS  values  to  a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  input  dscp-map      Maps  Differentiated  Services  Code  Point  (DSCP)  values  to  an 

ingress  queue  or  maps  DSCP  values  to  a  queue  and  to  a 
threshold  ID. 

mis  qos  srr-queue  input  threshold      Assigns  weighted  tail-drop  (WTD)  threshold  percentages  to  an 

ingress  queue. 

show  mis  qos  input-queue  Displays  ingress  queue  settings. 

show  mis  qos  interface  queueing        Displays  quality  of  service  (QoS)  information. 
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mis  qos  srr-queue  input  threshold 


Use  the  mis  qos  srr-queue  input  threshold  global  configuration  command  to  assign  weighted  tail-drop 
(WTD)  threshold  percentages  to  an  ingress  queue.  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

mis  qos  srr-queue  input  threshold  queue-id  threshold-percentage  1  threshold-percentage! 
no  mis  qos  srr-queue  input  threshold  queue-id 


Syntax  Description  queue-id 


threshold-percentage  1 
threshold-percentage2 


ID  of  the  ingress  queue.  The  range  is  1  to  2. 


Two  WTD  threshold  percentage  values.  Each  threshold  value  is  a 
percentage  of  the  total  number  of  queue  descriptors  allocated  for  the 
queue.  Separate  each  value  with  a  space.  The  range  is  1  to  100. 


Defaults 


When  quality  of  service  (QoS)  is  enabled,  WTD  is  enabled. 
The  two  WTD  thresholds  are  set  to  100  percent. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


QoS  uses  the  CoS-to-threshold  map  or  the  DSCP-to-threshold  map  to  decide  which  class  of  service 
(CoS)  or  Differentiated  Services  Code  Points  (DSCPs)  values  are  mapped  to  threshold  1  and  to 
threshold  2.  If  threshold  1  is  exceeded,  packets  with  CoS  or  DSCPs  assigned  to  this  threshold  are 
dropped  until  the  threshold  is  no  longer  exceeded.  However,  packets  assigned  to  threshold  2  continue  to 
be  queued  and  sent  as  long  as  the  second  threshold  is  not  exceeded. 

Each  queue  has  two  configurable  (explicit)  drop  threshold  and  one  preset  (implicit)  drop  threshold  (full). 

You  configure  the  CoS-to-threshold  map  by  using  the  mis  qos  srr-queue  input  cos-map  global 
configuration  command.  You  configure  the  DSCP-to-threshold  map  by  using  the  mis  qos  srr-queue 
input  dscp-map  global  configuration  command. 


Examples 


This  example  shows  how  to  configure  the  tail-drop  thresholds  for  the  two  queues.  The  queue  1  thresholds 
are  50  percent  and  100  percent,  and  the  queue  2  thresholds  are  70  percent  and  100  percent: 

Switch(conf ig) #  mis  qos  srr-queue  input  threshold  1  50  100 
Switch(conf ig) #  mis  qos  srr-queue  input  threshold  2  70  100 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  buffers  or  the  show 
mis  qos  input-queue  privileged  EXEC  command. 
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Related  Commands  Command 


Description 


mis  qos  srr-queue  input  bandwidth 


mis  qos  srr-queue  input  buffers 


Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 
queue. 

Allocates  the  buffers  between  the  ingress  queues. 


mis  qos  srr-queue  input  cos-map 


Maps  class  of  service  (CoS)  values  to  an  ingress  queue 
or  maps  CoS  values  to  a  queue  and  to  a  threshold  ID. 


mis  qos  srr-queue  input  dscp-map 


Maps  Differentiated  Services  Code  Point  (DSCP)  values 
to  an  ingress  queue  or  maps  DSCP  values  to  a  queue  and 
to  a  threshold  ID. 


mis  qos  srr-queue  input  priority-queue 

show  mis  qos  input-queue 
show  mis  qos  interface  buffers 


Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 

Displays  ingress  queue  settings. 

Displays  quality  of  service  (QoS)  information. 
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mis  qos  srr-queue  output  cos-map  M 


mis  qos  srr-queue  output  cos-map 

Use  the  mis  qos  srr-queue  output  cos-map  global  configuration  command  to  map  class  of  service 
(CoS)  values  to  an  egress  queue  or  to  map  CoS  values  to  a  queue  and  to  a  threshold  ID.  Use  the  no  form 
of  this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  output  cos-map  queue  queue-id  {cosl...cos8  I  threshold  threshold-id 
cosl...cos8] 

no  mis  qos  srr-queue  output  cos-map 


Syntax  Description      queue  queue-id  Specify  a  queue  number. 

For  queue-id,  the  range  is  1  to  4. 

cosl...cos8  Map  CoS  values  to  an  egress  queue. 

For  cosl ...cos8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  7. 

threshold  threshold-id     Map  CoS  values  to  a  queue  threshold  ID. 

cosl...cos8  por  threshold-id,  the  range  is  1  to  3. 

For  cosl ...cos8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  7. 


Defaults  Table  2-12  shows  the  default  CoS  output  queue  threshold  map: 

Table  2-12  Default  Cos  Output  Queue  Threshold  Map 


CoS  Value 

Queue  ID  Threshold  ID 

0,  1 

2-1 

2,  3 

3-1 

4 

4-1 

5 

1-1 

6,  7 

4-1 

Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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Usage  Guidelines 

X 

Note 


The  drop-threshold  percentage  for  threshold  3  is  predefined.  It  is  set  to  the  queue-full  state. 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  quality 
of  service  (QoS)  solution. 


You  can  assign  two  weighted  tail-drop  (WTD)  threshold  percentages  to  an  egress  queue  by  using  the  mis 
qos  queue-set  output  qset-id  threshold  global  configuration  command. 

You  can  map  each  CoS  value  to  a  different  queue  and  threshold  combination,  allowing  the  frame  to 
follow  different  behavior. 


Examples 


This  example  shows  how  to  map  a  port  to  queue-set  1.  It  maps  CoS  values  0  to  3  to  egress  queue  1  and 
to  threshold  ID  1.  It  configures  the  drop  thresholds  for  queue  1  to  50  and  70  percent  of  the  allocated 
memory,  guarantees  (reserves)  100  percent  of  the  allocated  memory,  and  configures  200  percent  as  the 
maximum  memory  that  this  queue  can  have  before  packets  are  dropped. 

Switch (config) #  mis  qos  srr-queue  output  cos-map  queue  1  threshold  10  12  3 
Switch (config) #  mis  qos  queue-set  output  1  threshold  1  50  70  100  200 
Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  queue-set  1 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps,  the  show  mis  qos  interface 
[interface-id]  buffers,  or  the  show  mis  qos  queue-set  privileged  EXEC  command. 


Related  Commands      Command  Description 


mis  qos  srr-queue  output  dscp-map 

Maps  Differentiated  Services  Code  Point  (DSCP)  values  to  an 

egress  queue  or  maps  DSCP  values  to  a  queue  and  to  a 

threshold  ID. 

mis  qos  queue-set  output  threshold 

Configures  the  WTD  thresholds,  guarantees  the  availability  of 

buffers,  and  configures  the  maximum  memory  allocation  to  a 

queue-set. 

queue-set 

Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  buffers 

Displays  QoS  information. 

show  mis  qos  maps 

Displays  QoS  mapping  information. 

show  mis  qos  queue-set 

Displays  egress  queue  settings  for  the  queue-set. 
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mis  qos  srr-queue  output  dscp-map  M 


mis  qos  srr-queue  output  dscp-map 


Use  the  mis  qos  srr-queue  output  dscp-map  global  configuration  command  to  map  Differentiated 
Services  Code  Point  (DSCP)  values  to  an  egress  or  to  map  DSCP  values  to  a  queue  and  to  a  threshold 
ID.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

mis  qos  srr-queue  output  dscp-map  queue  queue-id  {dscpl...dscp8  I  threshold  threshold-id 
dscpl. ..dscp8] 

no  mis  qos  srr-queue  output  dscp-map 


Syntax  Description 


queue  queue-id 
dscpl...dscp8 


Specify  a  queue  number. 

For  queue-id,  the  range  is  1  to  4. 

Map  DSCP  values  to  an  egress  queue. 

For  dscpl ...dscp8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  63. 


threshold  threshold-id     Map  DSCP  values  to  a  queue  threshold  ID. 


dscpl. ..dscp8 


For  threshold-id,  the  range  is  1  to  3. 

For  dscpl... dscp8,  enter  up  to  eight  values,  and  separate  each  value  with  a 
space.  The  range  is  0  to  63. 


Defaults 


Table  2-13  shows  the  default  DSCP  output  queue  threshold  map: 
Table  2-13  Default  DSCP  Output  Queue  Threshold  Map 


DSCP  Value 

Queue  ID  Threshold  ID 

0-15 

2-1 

16-31 

3-1 

32-39 

4-1 

40-47 

1-1 

48-63 

4-1 

Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 
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Usage  Guidelines 

X 

Note 


The  drop-threshold  percentage  for  threshold  3  is  predefined.  It  is  set  to  the  queue-full  state. 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  QoS 
solution. 


You  can  assign  two  weighted  tail-drop  (WTD)  threshold  percentages  to  an  egress  queue  by  using  the  mis 
qos  queue-set  output  qset-id  threshold  global  configuration  command. 

You  can  map  each  DSCP  value  to  a  different  queue  and  threshold  combination,  allowing  the  frame  to 
follow  different  behavior. 

You  can  map  up  to  eight  DSCP  values  per  command. 


Examples 


This  example  shows  how  to  map  a  port  to  queue-set  1.  It  maps  DSCP  values  0  to  3  to  egress  queue  1  and 
to  threshold  ID  1.  It  configures  the  drop  thresholds  for  queue  1  to  50  and  70  percent  of  the  allocated 
memory,  guarantees  (reserves)  100  percent  of  the  allocated  memory,  and  configures  200  percent  as  the 
maximum  memory  that  this  queue  can  have  before  packets  are  dropped. 

Switch (config) #  mis  qos  srr-queue  output  dscp-map  queue  1  threshold  10  12  3 
Switch (config) #  mis  qos  queue-set  output  1  threshold  1  50  70  100  200 
Switch (config) #  Interface  gigabitethernetO/1 

Switch (config-if) #  queue-set  1 

You  can  verify  your  settings  by  entering  the  show  mis  qos  maps,  the  show  mis  qos  interface 
[interface-id]  buffers,  or  the  show  mis  qos  queue-set  privileged  EXEC  command. 


Related  Commands      Command  Description 


mis  qos  srr-queue  output  cos-map 

Maps  class  of  service  (CoS)  values  to  an  egress  queue  or  maps 

CoS  values  to  a  queue  and  to  a  threshold  ID. 

mis  qos  queue-set  output  threshold 

Configures  the  WTD  thresholds,  guarantees  the  availability  of 

buffers,  and  configures  the  maximum  memory  allocation  to  a 

queue-set. 

queue-set 

Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  buffers 

Displays  quality  of  service  (QoS)  information. 

show  mis  qos  maps 

Displays  QoS  mapping  information. 

show  mis  qos  queue-set 

Displays  egress  queue  settings  for  the  queue-set. 
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mis  qos  trust  I 


mis  qos  trust 

Use  the  mis  qos  trust  interface  configuration  command  to  configure  the  port  trust  state.  Ingress  traffic 
can  be  trusted,  and  classification  is  performed  by  examining  the  packet  Differentiated  Services  Code 
Point  (DSCP),  class  of  service  (CoS),  or  IP-precedence  field.  Use  the  no  form  of  this  command  to  return 
a  port  to  its  untrusted  state. 

mis  qos  trust  [cos  I  device  cisco-phone  I  dscp  I  ip-precedence] 

no  mis  qos  trust  [cos  I  device  I  dscp  I  ip-precedence] 


Syntax  Description      cos  (Optional)  Classify  an  ingress  packet  by  using  the  packet  CoS  value.  For  an 

untagged  packet,  use  the  port  default  CoS  value. 

device  cisco-phone      (Optional)  Classify  an  ingress  packet  by  trusting  the  CoS  or  DSCP  value  sent 
from  the  Cisco  IP  Phone  (trusted  boundary),  depending  on  the  trust  setting. 

dscp  (Optional)  Classify  an  ingress  packet  by  using  the  packet  DSCP  value  (most 

significant  6  bits  of  8-bit  service-type  field).  For  a  non-IP  packet,  the  packet 
CoS  is  used  if  the  packet  is  tagged.  For  an  untagged  packet,  the  default  port 
CoS  value  is  used. 

ip-precedence  (Optional)  Classify  an  ingress  packet  by  using  the  packet  IP-precedence  value 

(most  significant  3  bits  of  8-bit  service-type  field).  For  a  non-IP  packet,  the 
packet  CoS  is  used  if  the  packet  is  tagged.  For  an  untagged  packet,  the  port 
default  CoS  value  is  used. 


Defaults  The  port  is  not  trusted.  If  no  keyword  is  specified  when  the  command  is  entered,  the  default  is  dscp. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Packets  entering  a  quality  of  service  (QoS)  domain  are  classified  at  the  edge  of  the  domain.  When  the 
packets  are  classified  at  the  edge,  the  switch  port  within  the  QoS  domain  can  be  configured  to  one  of  the 
trusted  states  because  there  is  no  need  to  classify  the  packets  at  every  switch  within  the  domain.  Use  this 
command  to  specify  whether  the  port  is  trusted  and  which  fields  of  the  packet  to  use  to  classify  traffic. 

When  a  port  is  configured  with  trust  DSCP  or  trust  IP  precedence  and  the  incoming  packet  is  a  non-IP 
packet,  the  CoS-to-DSCP  map  is  used  to  derive  the  corresponding  DSCP  value  from  the  CoS  value.  The 
CoS  can  be  the  packet  CoS  for  trunk  ports  or  the  port  default  CoS  for  non trunk  ports. 

If  the  DSCP  is  trusted,  the  DSCP  field  of  the  IP  packet  is  not  modified.  However,  it  is  still  possible  that 
the  CoS  value  of  the  packet  is  modified  (according  to  DSCP-to-CoS  map). 

If  the  CoS  is  trusted,  the  CoS  field  of  the  packet  is  not  modified,  but  the  DSCP  can  be  modified 
(according  to  CoS-to-DSCP  map)  if  the  packet  is  an  IP  packet. 
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The  trusted  boundary  feature  prevents  security  problems  if  users  disconnect  their  PCs  from  networked 
Cisco  IP  Phones  and  connect  them  to  the  switch  port  to  take  advantage  of  trusted  CoS  or  DSCP  settings. 
You  must  globally  enable  the  Cisco  Discovery  Protocol  (CDP)  on  the  switch  and  on  the  port  connected 
to  the  IP  phone.  If  the  telephone  is  not  detected,  trusted  boundary  disables  the  trusted  setting  on  the 
switch  or  routed  port  and  prevents  misuse  of  a  high-priority  queue. 

If  you  configure  the  trust  setting  for  DSCP  or  IP  precedence,  the  DSCP  or  IP  precedence  values  in  the 
incoming  packets  are  trusted.  If  you  configure  the  mis  qos  cos  override  interface  configuration 
command  on  the  switch  port  connected  to  the  IP  phone,  the  switch  overrides  the  CoS  of  the  incoming 
voice  and  data  packets  and  assigns  the  default  CoS  value  to  them. 

For  an  inter-QoS  domain  boundary,  you  can  configure  the  port  to  the  DSCP-trusted  state  and  apply  the 
DSCP-to-DSCP-mutation  map  if  the  DSCP  values  are  different  between  the  QoS  domains. 

Classification  using  a  port  trust  state  (for  example,  mis  qos  trust  [cos  I  dscp  I  ip-precedence]  and  a 
policy  map  (for  example,  service-policy  input  policy-map-name)  are  mutually  exclusive.  The  last  one 
configured  overwrites  the  previous  configuration. 


Examples  This  example  shows  how  to  configure  a  port  to  trust  the  IP  precedence  field  in  the  incoming  packet: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  mis  qos  trust  ip-precedence 

This  example  shows  how  to  specify  that  the  Cisco  IP  Phone  connected  on  a  port  is  a  trusted  device: 

Switch ( config) #  interface  gigabitethernetO/1 
Switch (config-if ) #  mis  qos  trust  device  cisco-phone 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  privileged  EXEC  command. 


Related  Commands      Command  Description 


mis  qos  cos 

Defines  the  default  CoS  value  of  a  port  or  assigns  the  default  CoS  to  all 

incoming  packets  on  the  port. 

mis  qos  dscp-mutation 

Applies  a  DSCP-to  DSCP-mutation  map  to  a  DSCP-trusted  port. 

mis  qos  map 

Defines  the  CoS-to-DSCP  map,  DSCP-to-CoS  map,  the 

DSCP-to-DSCP-mutation  map,  the  IP-precedence-to-DSCP  map,  and  the 

policed-DSCP  map. 

show  mis  qos  interface 

Displays  QoS  information. 
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mis  qos  vlan-based 


Use  the  mis  qos  vlan-based  interface  configuration  command  to  enable  VLAN-based  quality  of  service 
(QoS)  on  the  physical  port.  Use  the  no  form  of  this  command  to  disable  this  feature. 

mis  qos  vlan-based 

no  mis  qos  vlan-based 


Syntax  Description      There  are  no  arguments  or  keywords. 


Defaults 


VLAN-based  QoS  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Before  attaching  a  hierarchical  policy  map  to  a  switch  virtual  interface  (SVI),  use  the  mis  qos 
vlan-based  interface  configuration  command  on  a  physical  port  if  the  port  is  to  be  specified  in  the 
secondary  interface  level  of  the  hierarchical  policy  map. 

When  you  configure  hierarchical  policing,  the  hierarchical  policy  map  is  attached  to  the  SVI  and  affects 
all  traffic  belonging  to  the  VLAN.  The  individual  policer  in  the  interface-level  traffic  classification  only 
affects  the  physical  ports  specified  for  that  classification. 

For  detailed  instructions  about  configuring  hierarchical  policy  maps,  see  the  "Classifying,  Policing,  and 
Marking  Traffic  by  Using  Hierarchical  Policy  Maps"  section  in  the  software  configuration  guide  for  this 
release. 


Examples 


This  example  shows  how  to  enable  VLAN-based  policing  on  a  physical  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  mis  qos  vlan-based 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  mis  qos  interface      Displays  QoS  information. 
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monitor  session 

Use  the  monitor  session  global  configuration  command  to  start  a  new  Switched  Port  Analyzer  (SPAN) 
session  or  Remote  SPAN  (RSPAN)  source  or  destination  session,  to  enable  ingress  traffic  on  the 
destination  port  for  a  network  security  device  (such  as  a  Cisco  IDS  Sensor  Appliance),  to  add  or  delete 
interfaces  or  VLANs  to  or  from  an  existing  SPAN  or  RSPAN  session,  and  to  limit  (filter)  SPAN  source 
traffic  to  specific  VLANs.  Use  the  no  form  of  this  command  to  remove  the  SPAN  or  RSPAN  session  or 
to  remove  source  or  destination  interfaces  or  filters  from  the  SPAN  or  RSPAN  session.  For  destination 
interfaces,  the  encapsulation  options  are  ignored  with  the  no  form  of  the  command. 

monitor  session  session_number  destination  {interface  interface-id  [,  I  -]  [encapsulation 

replicate]  [ingress  {dotlq  vlan  vlan-id  I  isl  I  untagged  vlan  vlan-id  I  vlan  vlan-id}] }  I  {remote 
vlan  vlan-id} 

monitor  session  session_number  filter  vlan  vlan-id  [,  I  -] 

monitor  session  session_number  source  {interface  interface-id  [,  I  -]  [both  I  rx  I  tx] }  I  {vlan 
vlan-id  [,  I  -]  [both  I  rx  I  tx]}l  {remote  vlan  vlan-id} 

no  monitor  session  {session _number  I  all  I  local  I  remote} 

no  monitor  session  session_number  destination  {interface  interface-id  [,  I  -]  [encapsulation 
replicate]  [ingress  {dotlq  vlan  vlan-id  I  isl  I  untagged  vlan  vlan-id  I  vlan  vlan-id}] }  I  {remote 
vlan  vlan-id} 

no  monitor  session  session_number  filter  vlan  vlan-id  [,  I  -] 

no  monitor  session  session_number  source  {interface  interface-id  [,  I  -]  [both  I  rx  I  tx]}  I  {vlan 
vlan-id  [,  I  -]  [both  I  rx  I  tx]}  I  {remote  vlan  vlan-id} 


Syntax  Description       session_number  Specify  the  session  number  identified  with  the  SPAN  or  RSPAN  session. 

The  range  is  1  to  66. 

destination  Specify  the  SPAN  or  RSPAN  destination.  A  destination  must  be  a  physical 

port. 

interface  interface-id       Specify  the  destination  or  source  interface  for  a  SPAN  or  RSPAN  session. 

Valid  interfaces  are  physical  ports  (including  type  and  port  number).  For 
source  interface,  port  channel  is  also  a  valid  interface  type,  and  the  valid 
range  is  1  to  48. 

encapsulation  replicate    (Optional)  Specify  that  the  destination  interface  replicates  the  source 

interface  encapsulation  method.  If  not  selected,  the  default  is  to  send 
packets  in  native  form  (untagged). 

These  keywords  are  valid  only  for  local  SPAN.  For  RSPAN,  the  RSPAN 
VLAN  ID  overwrites  the  original  VLAN  ID;  therefore,  packets  are  always 
sent  untagged. 


ingress 

(Optional)  Enable  ingress  traffic  forwarding. 

dotlq  vlan  vlan-id 

Accept  incoming  packets  with  IEEE  802. 1Q  encapsulation  with  the 

specified  VLAN  as  the  default  VLAN. 

isl 

Specify  ingress  forwarding  using  ISL  encapsulation. 
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untagged  vlan  vlan-id 


vlan  vlan-id 


remote  vlan  vlan-id 


filter  vlan  vlan-id 


source 


both,  rx,  tx 


source  vlan  vlan-id 


Accept  incoming  packets  with  untagged  encapsulation  with  the  specified 
VLAN  as  the  default  VLAN. 

When  used  with  only  the  ingress  keyword,  set  default  VLAN  for  ingress 
traffic. 

Specify  the  remote  VLAN  for  an  RSPAN  source  or  destination  session.  The 
range  is  2  to  1001  and  1006  to  4094. 

The  RSPAN  VLAN  cannot  be  VLAN  1  (the  default  VLAN)  or  VLAN  IDs 
1002  to  1005  (reserved  for  Token  Ring  and  FDDI  VLANs). 

(Optional)  Specify  a  series  of  interfaces  or  VLANs,  or  separate  a  range  of 
interfaces  or  VLANs  from  a  previous  range.  Enter  a  space  before  and  after 
the  comma. 

(Optional)  Specify  a  range  of  interfaces  or  VLANs.  Enter  a  space  before 
and  after  the  hyphen. 

Specify  a  list  of  VLANs  as  filters  on  trunk  source  ports  to  limit  SPAN 
source  traffic  to  specific  VLANs.  The  vlan-id  range  is  1  to  4094. 

Specify  the  SPAN  or  RSPAN  source.  A  source  can  be  a  physical  port,  a  port 
channel,  or  a  VLAN. 

(Optional)  Specify  the  traffic  direction  to  monitor.  If  you  do  not  specify  a 
traffic  direction,  the  source  interface  sends  both  transmitted  and  received 
traffic. 

Specify  the  SPAN  source  interface  as  a  VLAN  ID.  The  range  is  1  to  4094. 


all,  local,  remote 


Specify  all,  local,  or  remote  with  the  no  monitor  session  command  to  clear 
all  SPAN  and  RSPAN,  all  local  SPAN,  or  all  RSPAN  sessions. 


Defaults 


No  monitor  sessions  are  configured. 

On  a  source  interface,  the  default  is  to  monitor  both  received  and  transmitted  traffic. 
On  a  trunk  interface  used  as  a  source  port,  all  VLANs  are  monitored. 

If  encapsulation  replicate  is  not  specified  on  a  local  SPAN  destination  port,  packets  are  sent  in  native 
form  with  no  encapsulation  tag. 

Ingress  forwarding  is  disabled  on  destination  ports. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Traffic  that  enters  or  leaves  source  ports  or  source  VLANs  can  be  monitored  by  using  SPAN  or  RSPAN. 
Traffic  routed  to  source  ports  or  source  VLANs  cannot  be  monitored. 

You  can  set  a  combined  maximum  of  two  local  SPAN  sessions  and  RSPAN  source  sessions.  You  can  have 
a  total  of  66  SPAN  and  RSPAN  sessions  on  a  switch. 

You  can  have  a  maximum  of  64  destination  ports  on  a  switch. 
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Each  session  can  include  multiple  ingress  or  egress  source  ports  or  VLANs,  but  you  cannot  combine 
source  ports  and  source  VLANs  in  a  single  session.  Each  session  can  include  multiple  destination  ports. 

When  you  use  VLAN-based  SPAN  (VSPAN)  to  analyze  network  traffic  in  a  VLAN  or  set  of  VLANs,  all 
active  ports  in  the  source  VLANs  become  source  ports  for  the  SPAN  or  RSPAN  session.  Trunk  ports  are 
included  as  source  ports  for  VSPAN,  and  only  packets  with  the  monitored  VLAN  ID  are  sent  to  the 
destination  port. 

You  can  monitor  traffic  on  a  single  port  or  VLAN  or  on  a  series  or  range  of  ports  or  VLANs.  You  select 
a  series  or  range  of  interfaces  or  VLANs  by  using  the  [,  I  -]  options. 

If  you  specify  a  series  of  VLANs  or  interfaces,  you  must  enter  a  space  before  and  after  the  comma.  If 
you  specify  a  range  of  VLANs  or  interfaces,  you  must  enter  a  space  before  and  after  the  hyphen  (-). 

EtherChannel  ports  cannot  be  configured  as  SPAN  or  RSPAN  destination  ports.  A  physical  port  that  is 
a  member  of  an  EtherChannel  group  can  be  used  as  a  destination  port,  but  it  cannot  participate  in  the 
EtherChannel  group  while  it  is  as  a  SPAN  destination. 

You  can  monitor  individual  ports  while  they  participate  in  an  EtherChannel,  or  you  can  monitor  the 
entire  EtherChannel  bundle  by  specifying  the  port-channel  number  as  the  RSPAN  source  interface. 

A  port  used  as  a  destination  port  cannot  be  a  SPAN  or  RSPAN  source,  nor  can  a  port  be  a  destination 
port  for  more  than  one  session  at  a  time. 

You  can  enable  IEEE  802. lx  authentication  on  a  port  that  is  a  SPAN  or  RSPAN  destination  port; 
however,  IEEE  802.  lx  authentication  is  disabled  until  the  port  is  removed  as  a  SPAN  destination.  If  IEEE 
802.  lx  authentication  is  not  available  on  the  port,  the  switch  returns  an  error  message.  You  can  enable 
IEEE  802.  lx  authentication  on  a  SPAN  or  RSPAN  source  port. 

VLAN  filtering  refers  to  analyzing  network  traffic  on  a  selected  set  of  VLANs  on  trunk  source  ports.  By 
default,  all  VLANs  are  monitored  on  trunk  source  ports.  You  can  use  the  monitor  session 
session _number  filter  vlan  vlan-id  command  to  limit  SPAN  traffic  on  trunk  source  ports  to  only  the 
specified  VLANs. 

VLAN  monitoring  and  VLAN  filtering  are  mutually  exclusive.  If  a  VLAN  is  a  source,  VLAN  filtering 
cannot  be  enabled.  If  VLAN  filtering  is  configured,  a  VLAN  cannot  become  a  source. 

If  ingress  traffic  forwarding  is  enabled  for  a  network  security  device,  the  destination  port  forwards  traffic 
at  Layer  2. 

Destination  ports  can  be  configured  to  act  in  these  ways: 

•  When  you  enter  monitor  session  session _number  destination  interface  interface-id  with  no  other 
keywords,  egress  encapsulation  is  untagged,  and  ingress  forwarding  is  not  enabled. 

•  When  you  enter  monitor  session  session_number  destination  interface  interface-id  ingress,  egress 
encapsulation  is  untagged;  ingress  encapsulation  depends  on  the  keywords  that  follow — dotlq,  isl, 
or  untagged. 

•  When  you  enter  monitor  session  session _number  destination  interface  interface-id  encapsulation 

replicate  with  no  other  keywords,  egress  encapsulation  replicates  the  source  interface 
encapsulation;  ingress  forwarding  is  not  enabled.  (This  applies  to  local  SPAN  only;  RSPAN  does 
not  support  encapsulation  replication.) 

•  When  you  enter  monitor  session  session_number  destination  interface  interface-id  encapsulation 
replicate  ingress,  egress  encapsulation  replicates  the  source  interface  encapsulation;  ingress 
encapsulation  depends  on  the  keywords  that  follow — dotlq,  isl,  or  untagged.  (This  applies  to  local 
SPAN  only;  RSPAN  does  not  support  encapsulation  replication.) 
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Examples  This  example  shows  how  to  create  a  local  SPAN  session  1  to  monitor  both  sent  and  received  traffic  on 

source  port  1  to  destination  port  2: 

Switch (config) #  monitor  session  1  source  interface  gigabitethernetO/1  both 
Switch (config) #  monitor  session  1  destination  interface  gigabitethernetO/2 

This  example  shows  how  to  delete  a  destination  port  from  an  existing  local  SPAN  session: 

Switch (config) #  no  monitor  session  2  destination  gigabitethernetO/2 

This  example  shows  how  to  limit  SPAN  traffic  in  an  existing  session  only  to  specific  VLANs: 

Switch (config) #  monitor  session  1  filter  vlan  100  -  304 

This  example  shows  how  to  configure  RSPAN  source  session  1  to  monitor  multiple  source  interfaces  and 
to  configure  the  destination  RSPAN  VLAN  900. 

Switch (config) #  monitor  session  1  source  interface  gigabitethernetO/1 
Switch (config) #  monitor  session  1  source  interface  port-channel  2  tx 
Switch (config) #  monitor  session  1  destination  remote  vlan  900 

Switch (config) #  end 

This  example  shows  how  to  configure  an  RSPAN  destination  session  10  in  the  switch  receiving  the 
monitored  traffic. 

Switch (config) #  monitor  session  10  source  remote  vlan  900 

Switch (config) #  monitor  session  10  destination  interface  gigabitethernetO/2 

This  example  shows  how  to  configure  the  destination  port  for  ingress  traffic  on  VLAN  5  by  using  a 
security  device  that  supports  IEEE  802. 1Q  encapsulation.  Egress  traffic  replicates  the  source;  ingress 
traffic  uses  IEEE  802. 1Q  encapsulation. 

Switch (config) #  monitor  session  2  destination  interface  gigabitethernetO/2  encapsulation 
replicate  ingress  dotlq  vlan  5 

This  example  shows  how  to  configure  the  destination  port  for  ingress  traffic  on  VLAN  5  by  using  a 
security  device  that  does  not  support  encapsulation.  Egress  traffic  replicates  the  source  encapsulation; 
ingress  traffic  is  untagged. 

Switch (config) #  monitor  session  2  destination  interface  gigabitethernetO/2  encapsulation 
replicate  ingress  untagged  vlan  5 

You  can  verify  your  settings  by  entering  the  show  monitor  privileged  EXEC  command.  You  can  display 
SPAN  and  RSPAN  configuration  on  the  switch  by  entering  the  show  running-config  privileged  EXEC 
command.  SPAN  information  appears  near  the  end  of  the  output. 
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Related  Commands      Command  Description 

remote-span  Configures  an  RSPAN  VLAN  in  vlan  configuration  mode. 

show  monitor  Displays  SPAN  and  RSPAN  session  information. 

show  running-config  Displays  the  current  operating  configuration.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command 
Reference,  Release  12.2  >  File  Management  Commands  > 
Configuration  File  Management  Commands. 


2-238 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Chapter  2    CGESM  Switch  Cisco  IPS  Commands 


mvr  (global  configuration)  SSI 


mvr  (global  configuration) 

Use  the  mvr  global  configuration  command  without  keywords  to  enable  the  multicast  VLAN  registration 
(MVR)  feature  on  the  switch.  Use  the  command  with  keywords  to  set  the  MVR  mode  for  a  switch, 
configure  the  MVR  IP  multicast  address,  set  the  maximum  time  to  wait  for  a  query  reply  before 
removing  a  port  from  group  membership,  and  to  specify  the  MVR  multicast  VLAN.  Use  the  no  form  of 
this  command  to  return  to  the  default  settings. 

mvr  [group  ip-address  [count]  I  mode  [compatible  I  dynamic]  I  querytime  value  I  vlan  vlan-id] 

no  mvr  [group  ip-address  I  mode  [compatible  I  dynamic]  I  querytime  value  I  vlan  vlan-id] 


Syntax  Description       group  ip-address  Statically  configure  an  MVR  group  IP  multicast  address  on  the  switch. 


Use  the  no  form  of  this  command  to  remove  a  statically  configured  IP 
multicast  address  or  contiguous  addresses  or,  when  no  IP  address  is  entered, 
to  remove  all  statically  configured  MVR  IP  multicast  addresses. 


count 

(Optional)  Configure  multiple  contiguous  MVR  group  addresses.  The  range 

is  1  to  256;  the  default  is  1. 

mode 

(Optional)  Specify  the  MVR  mode  of  operation. 

The  default  is  compatible  mode. 

compatible 

Set  MVR  mode  to  provide  compatibility  with  Catalyst  2900  XL  and 

Catalyst  3500  XL  switches.  This  mode  does  not  allow  dynamic  membership 

joins  on  source  ports. 

dynamic 

Set  MVR  mode  to  allow  dynamic  MVR  membership  on  source  ports. 

querytime  value  (Optional)  Set  the  maximum  time  to  wait  for  IGMP  report  memberships  on 


a  receiver  port.  This  time  applies  only  to  receiver-port  leave  processing. 
When  an  IGMP  query  is  sent  from  a  receiver  port,  the  switch  waits  for  the 
default  or  configured  MVR  querytime  for  an  IGMP  group  membership 
report  before  removing  the  port  from  multicast  group  membership. 

The  value  is  the  response  time  in  units  of  tenths  of  a  second.  The  range  is  1 
to  100;  the  default  is  5  tenths  or  one-half  second. 

Use  the  no  form  of  the  command  to  return  to  the  default  setting. 

vlan  vlan-id  (Optional)  Specify  the  VLAN  on  which  MVR  multicast  data  is  expected  to 

be  received.  This  is  also  the  VLAN  to  which  all  the  source  ports  belong.  The 
range  is  1  to  4094;  the  default  is  VLAN  1. 


Defaults  MVR  is  disabled  by  default. 

The  default  MVR  mode  is  compatible  mode. 

No  IP  multicast  addresses  are  configured  on  the  switch  by  default. 

The  default  group  ip  address  count  is  0. 

The  default  query  response  time  is  5  tenths  of  or  one-half  second. 
The  default  multicast  VLAN  for  MVR  is  VLAN  1. 
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Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       A  maximum  of  256  MVR  multicast  groups  can  be  configured  on  a  switch. 

Use  the  mvr  group  command  to  statically  set  up  all  the  IP  multicast  addresses  that  will  take  part  in 
MVR.  Any  multicast  data  sent  to  a  configured  multicast  address  is  sent  to  all  the  source  ports  on  the 
switch  and  to  all  receiver  ports  that  have  registered  to  receive  data  on  that  IP  multicast  address. 

MVR  supports  aliased  IP  multicast  addresses  on  the  switch.  However,  if  the  switch  is  interoperating  with 
Catalyst  3550  or  Catalyst  3500  XL  switches,  you  should  not  configure  IP  addresses  that  alias  between 
themselves  or  with  the  reserved  IP  multicast  addresses  (in  the  range  224.0.0.xxx). 

The  mvr  querytime  command  applies  only  to  receiver  ports. 

If  the  switch  MVR  is  interoperating  with  Catalyst  2900  XL  or  Catalyst  3500  XL  switches,  set  the 
multicast  mode  to  compatible. 

When  operating  in  compatible  mode,  MVR  does  not  support  IGMP  dynamic  joins  on  MVR  source  ports. 
MVR  can  coexist  with  IGMP  snooping  on  a  switch. 

Multicast  routing  and  MVR  cannot  coexist  on  a  switch.  If  you  enable  multicast  routing  and  a  multicast 
routing  protocol  while  MVR  is  enabled,  MVR  is  disabled  and  a  warning  message  appears.  If  you  try  to 
enable  MVR  while  multicast  routing  and  a  multicast  routing  protocol  are  enabled,  the  operation  to 
enable  MVR  is  cancelled  with  an  Error  message. 


Examples  This  example  shows  how  to  enable  MVR: 

Switch (config) #  mvr 

Use  the  show  mvr  privileged  EXEC  command  to  display  the  current  setting  for  maximum  multicast 
groups. 

This  example  shows  how  to  configure  228.1.23.4  as  an  IP  multicast  address: 

Switch (config) #  mvr  group  228.1.23.4 

This  example  shows  how  to  configure  ten  contiguous  IP  multicast  groups  with  multicast  addresses  from 
228.1.23.1  to  228.1.23.10: 

Switch (config) #  mvr  group  228.1.23.1  10 

Use  the  show  mvr  members  privileged  EXEC  command  to  display  the  IP  multicast  group  addresses 
configured  on  the  switch. 

This  example  shows  how  to  set  the  maximum  query  response  time  as  one  second  (10  tenths): 

Switch (config) #  mvr  querytime  10 

This  example  shows  how  to  set  VLAN  2  as  the  multicast  VLAN: 

Switch (config) #  mvr  vlan  2 

You  can  verify  your  settings  by  entering  the  show  mvr  privileged  EXEC  command. 
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Related  Commands      Command  Description 


mvr  (interface  configuration) 

Configures  MVR  ports. 

show  mvr 

Displays  MVR  global  parameters  or  port  parameters. 

show  mvr  interface 

Displays  the  configured  MVR  interfaces  with  their  type,  status, 

and  Immediate  Leave  configuration.  Also  displays  all  MVR 

groups  of  which  the  interface  is  a  member. 

show  mvr  members 

Displays  all  ports  that  are  members  of  an  MVR  multicast  group; 

if  the  group  has  no  members,  its  status  is  shown  as  Inactive. 
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mvr  (interface  configuration) 


Use  the  mvr  interface  configuration  command  to  configure  a  Layer  2  port  as  a  multicast  VLAN 
registration  (MVR)  receiver  or  source  port,  to  set  the  Immediate  Leave  feature,  and  to  statically  assign 
a  port  to  an  IP  multicast  VLAN  and  IP  address.  Use  the  no  form  of  this  command  to  return  to  the  default 
settings. 

mvr  [immediate  I  type  (receiver  I  source}  I  vlan  vlan-id  group  [ip-address]] 
no  mvr  [immediate  I  type  {source  I  receiver}!  vlan  vlan-id  group  [ip-address]] 


Syntax  Description  immediate 


vlan  vlan-id  group 


ip-address 


(Optional)  Enable  the  Immediate  Leave  feature  of  MVR  on  a  port.  Use 
the  no  mvr  immediate  command  to  disable  the  feature. 


type  (Optional)  Configure  the  port  as  an  MVR  receiver  port  or  a  source  port. 

The  default  port  type  is  neither  an  MVR  source  nor  a  receiver  port.  The 
no  mvr  type  command  resets  the  port  as  neither  a  source  or  a  receiver 
port. 

receiver  Configure  the  port  as  a  subscriber  port  that  can  only  receive  multicast 

data.  Receiver  ports  cannot  belong  to  the  multicast  VLAN. 

source  Configure  the  port  as  an  uplink  port  that  can  send  and  receive  multicast 

data  for  the  configured  multicast  groups.  All  source  ports  on  a  switch 
belong  to  a  single  multicast  VLAN. 


(Optional)  Add  the  port  as  a  static  member  of  the  multicast  group  with 
the  specified  VLAN  ID. 

The  no  mvr  vlan  vlan-id  group  command  removes  a  port  on  a  VLAN 
from  membership  in  an  IP  multicast  address  group. 

(Optional)  Statically  configure  the  specified  MVR  IP  multicast  group 
address  for  the  specified  multicast  VLAN  ID.  This  is  the  IP  address  of  the 
multicast  group  that  the  port  is  joining. 


Defaults 


A  port  is  configured  as  neither  a  receiver  nor  a  source. 

The  Immediate  Leave  feature  is  disabled  on  all  ports. 

No  receiver  port  is  a  member  of  any  configured  multicast  group. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 
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mvr  (interface  configuration)  US 


Usage  Guidelines        Configure  a  port  as  a  source  port  if  that  port  should  be  able  to  both  send  and  receive  multicast  data  bound 
for  the  configured  multicast  groups.  Multicast  data  is  received  on  all  ports  configured  as  source  ports. 

Receiver  ports  cannot  be  trunk  ports.  Receiver  ports  on  a  switch  can  be  in  different  VLANs,  but  should 
not  belong  to  the  multicast  VLAN. 

A  port  that  is  not  taking  part  in  MVR  should  not  be  configured  as  an  MVR  receiver  port  or  a  source  port. 
A  non-MVR  port  is  a  normal  switch  port,  able  to  send  and  receive  multicast  data  with  normal  switch 
behavior. 

When  Immediate  Leave  is  enabled,  a  receiver  port  leaves  a  multicast  group  more  quickly.  Without 
Immediate  Leave,  when  the  switch  receives  an  IGMP  leave  message  from  a  group  on  a  receiver  port,  it 
sends  out  an  IGMP  MAC-based  query  on  that  port  and  waits  for  IGMP  group  membership  reports.  If  no 
reports  are  received  in  a  configured  time  period,  the  receiver  port  is  removed  from  multicast  group 
membership.  With  Immediate  Leave,  an  IGMP  MAC-based  query  is  not  sent  from  the  receiver  port  on 
which  the  IGMP  leave  was  received.  As  soon  as  the  leave  message  is  received,  the  receiver  port  is 
removed  from  multicast  group  membership,  which  speeds  up  leave  latency. 

The  Immediate  Leave  feature  should  be  enabled  only  on  receiver  ports  to  which  a  single  receiver  device 
is  connected. 

The  mvr  vlan  group  command  statically  configures  ports  to  receive  multicast  traffic  sent  to  the  IP 
multicast  address.  A  port  statically  configured  as  a  member  of  group  remains  a  member  of  the  group  until 
statically  removed.  In  compatible  mode,  this  command  applies  only  to  receiver  ports;  in  dynamic  mode, 
it  can  also  apply  to  source  ports.  Receiver  ports  can  also  dynamically  join  multicast  groups  by  using 
IGMP  join  messages. 

When  operating  in  compatible  mode,  MVR  does  not  support  IGMP  dynamic  joins  on  MVR  source  ports. 


Examples  This  example  shows  how  to  configure  a  port  as  an  MVR  receiver  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  mvr  type  receiver 

Use  the  show  mvr  interface  privileged  EXEC  command  to  display  configured  receiver  ports  and  source 
ports. 

This  example  shows  how  to  enable  Immediate  Leave  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if ) #  mvr  immediate 

This  example  shows  how  to  add  a  port  on  VLAN  1  as  a  static  member  of  IP  multicast  group  228.1.23.4: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if ) #  mvr  vlanl  group  230.1.23.4 

You  can  verify  your  settings  by  entering  the  show  mvr  members  privileged  EXEC  command. 
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Related  Commands      Command  Description 


mvr  (global  configuration) 

Enables  and  configures  multicast  VLAN  registration  on  the  switch. 

show  mvr 

Displays  MVR  global  parameters  or  port  parameters. 

show  mvr  interface 

Displays  the  configured  MVR  interfaces  or  displays  the  multicast 

groups  to  which  a  receiver  port  belongs.  Also  displays  all  MVR 

groups  of  which  the  interface  is  a  member. 

show  mvr  members 

Displays  all  receiver  ports  that  are  members  of  an  MVR  multicast 

group. 
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pagp  learn-method  I 


pagp  learn-method 


Use  the  pagp  learn-method  interface  configuration  command  to  learn  the  source  address  of  incoming 
packets  received  from  an  EtherChannel  port.  Use  the  no  form  of  this  command  to  return  to  the  default 
setting. 

pagp  learn-method  {aggregation-port  I  physical-port} 
no  pagp  learn-method 


Syntax  Description  aggregation-port 


physical-port 


Specify  address  learning  on  the  logical  port-channel.  The  switch  sends 
packets  to  the  source  using  any  of  the  ports  in  the  EtherChannel.  This  setting 
is  the  default.  With  aggregate-port  learning,  it  is  not  important  on  which 
physical  port  the  packet  arrives. 

Specify  address  learning  on  the  physical  port  within  the  EtherChannel.  The 
switch  sends  packets  to  the  source  using  the  same  port  in  the  EtherChannel 
from  which  it  learned  the  source  address.  The  other  end  of  the  channel  uses 
the  same  port  in  the  channel  for  a  particular  destination  MAC  or  IP  address. 


Defaults 


The  default  is  aggregation-port  (logical  port  channel). 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines        The  learn  method  must  be  configured  the  same  at  both  ends  of  the  link. 


Note 


The  switch  supports  address  learning  only  on  aggregate  ports  even  though  the  physical-port  keyword  is 
provided  in  the  command-line  interface  (CLI).  The  pagp  learn-method  and  the  pagp  port-priority 

interface  configuration  commands  have  no  effect  on  the  switch  hardware,  but  they  are  required  for  PAgP 
interoperability  with  devices  that  only  support  address  learning  by  physical  ports,  such  as  the 
Catalyst  1900  switch. 

When  the  link  partner  to  the  switch  is  a  physical  learner,  we  recommend  that  you  configure  the  switch 
as  a  physical-port  learner  by  using  the  pagp  learn-method  physical-port  interface  configuration 
command  and  to  set  the  load-distribution  method  based  on  the  source  MAC  address  by  using  the 
port-channel  load-balance  src-mac  global  configuration  command.  Use  the  pagp  learn-method 

interface  configuration  command  only  in  this  situation. 
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Examples  This  example  shows  how  to  set  the  learning  method  to  learn  the  address  on  the  physical  port  within  the 

EtherChannel: 

Switch ( config-if ) #  pagp  learn-method  physical-port 

This  example  shows  how  to  set  the  learning  method  to  learn  the  address  on  the  port-channel  within  the 
EtherChannel: 

Switch(conf ig-if ) #  pagp  learn-method  aggregation-port 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command  or  the 
show  pagp  channel-group-number  internal  privileged  EXEC  command. 


Related  Commands      Command  Description 

pagp  port-priority        Selects  a  port  over  which  all  traffic  through  the  EtherChannel  is  sent, 
show  pagp  Displays  PAgP  channel-group  information. 

show  running-config     Displays  the  current  operating  configuration.  For  syntax  information,  select 
Cisco  IOS  Configuration  Fundamentals  Command  Reference,  Release  12.2 
>  File  Management  Commands  >  Configuration  File  Management 
Commands. 
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pagp  port-priority 


Use  the  pagp  port-priority  interface  configuration  command  to  select  a  port  over  which  all  Port 
Aggregation  Protocol  (PAgP)  traffic  through  the  EtherChannel  is  sent.  If  all  unused  ports  in  the 
EtherChannel  are  in  hot-standby  mode,  they  can  be  placed  into  operation  if  the  currently  selected  port 
and  link  fails.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

pagp  port-priority  priority 

no  pagp  port-priority 


Syntax  Description  priority 


A  priority  number  ranging  from  0  to  255. 


Defaults 


The  default  is  128. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  physical  port  with  the  highest  priority  that  is  operational  and  has  membership  in  the  same 
EtherChannel  is  the  one  selected  for  PAgP  transmission. 


Note 


The  switch  supports  address  learning  only  on  aggregate  ports  even  though  the  physical-port  keyword  is 
provided  in  the  command-line  interface  (CLI).  The  pagp  learn-method  and  the  pagp  port-priority 

interface  configuration  commands  have  no  effect  on  the  switch  hardware,  but  they  are  required  for  PAgP 
interoperability  with  devices  that  only  support  address  learning  by  physical  ports,  such  as  the 
Catalyst  1900  switch. 

When  the  link  partner  to  the  switch  is  a  physical  learner,  we  recommend  that  you  configure  the  switch 
as  a  physical-port  learner  by  using  the  pagp  learn-method  physical-port  interface  configuration 
command  and  to  set  the  load-distribution  method  based  on  the  source  MAC  address  by  using  the 
port-channel  load-balance  src-mac  global  configuration  command.  Use  the  pagp  learn-method 

interface  configuration  command  only  in  this  situation. 


Examples 


This  example  shows  how  to  set  the  port  priority  to  200: 

Switch (config-if) #  pagp  port-priority  200 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command  or  the 
show  pagp  channel- group-number  internal  privileged  EXEC  command. 
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Related  Commands      Command  Description 

pagp  learn-method       Provides  the  ability  to  learn  the  source  address  of  incoming  packets, 
show  pagp  Displays  PAgP  channel-group  information. 

show  running-config     Displays  the  current  operating  configuration.  For  syntax  information,  select 
Cisco  IOS  Configuration  Fundamentals  Command  Reference,  Release  12.2 
>  File  Management  Commands  >  Configuration  File  Management 
Commands. 
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permit  (MAC  access-list  configuration) 

Use  the  permit  MAC  access-list  configuration  command  to  allow  non-IP  traffic  to  be  forwarded  if  the 
conditions  are  matched.  Use  the  no  form  of  this  command  to  remove  a  permit  condition  from  the 
extended  MAC  access  list. 

{permit  I  deny}  {any  I  host  src-MAC-addr  I  src-MAC-addr  mask}  {any  I  host  dst-MAC-addr  I 
dst-MAC-addr  mask}  [type  mask  I  cos  cos  I  aarp  I  amber  I  dec-spanning  I  decnet-iv  I 
diagnostic  I  dsm  I  etype-6000  I  etype-8042  I  lat  I  lavc-sca  I  lsap  Isap  mask  I  mop-console  I 
mop-dump  I  msdos  I  mumps  I  netbios  I  vines-echo  I  vines-ip  I  xns-idp] 

no  {permit  I  deny}  {any  I  host  src-MAC-addr  I  src-MAC-addr  mask}  {any  I  host  dst-MAC-addr  I 
dst-MAC-addr  mask}  [type  mask  I  cos  cos  I  aarp  I  amber  I  dec-spanning  I  decnet-iv  I 
diagnostic  I  dsm  I  etype-6000  I  etype-8042  I  lat  I  lavc-sca  I  lsap  lsap  mask  I  mop-console  I 
mop-dump  I  msdos  I  mumps  I  netbios  I  vines-echo  Ivines-ip  I  xns-idp] 

X   

Note      Though  visible  in  the  command-line  help  strings,  appletalk  is  not  supported  as  a  matching  condition. 


Syntax  Description 


any 

Keyword  to  specify  to  deny  any  source  or  destination  MAC  address. 

host  src-MAC-addr  1 

Define  a  host  MAC  address  and  optional  subnet  mask.  If  the  source 

src-MAC-addr  mask 

ii              r                      i      i            .     i           .1         if          ill                            Tn  .        Oi—       n             .  i  . 

address  for  a  packet  matches  the  defined  address,  non-IP  traffic  from  that 

address  is  denied. 

host  dst-MAC-addr  1 

Define  a  destination  MAC  address  and  optional  subnet  mask.  If  the 

dst-MAC-addr  mask 

destination  address  for  a  packet  matches  the  defined  address,  non-IP 

traffic  to  that  address  is  denied. 

type  mask 

(Optional)  Use  the  Ethertype  number  of  a  packet  with  Ethernet  II  or 

SNAP  encapsulation  to  identify  the  protocol  of  the  packet. 

•    type  is  0  to  65535,  specified  in  hexadecimal. 

•    mask  is  a  mask  of  don't  care  bits  applied  to  the  Ethertype  before 

testing  for  a  match. 

aarp 

(Optional)  Select  Ethertype  AppleTalk  Address  Resolution  Protocol  that 

maps  a  data-link  address  to  a  network  address. 

amber 

(Optional)  Select  EtherType  DEC-Amber. 

cos  cos 

(Optional)  Select  an  arbitrary  class  of  service  (CoS)  number  from  0  to  7 

to  set  priority.  Filtering  on  CoS  can  be  performed  only  in  hardware.  A 

warning  message  appears  if  the  cos  option  is  configured. 

dec-spanning 

(Optional)  Select  EtherType  Digital  Equipment  Corporation  (DEC) 

spanning  tree. 

decnet-iv 

(Optional)  Select  EtherType  DECnet  Phase  IV  protocol. 

diagnostic 

(Optional)  Select  EtherType  DEC-Diagnostic. 

dsm 

(Optional)  Select  EtherType  DEC-DSM. 

etype-6000 

(Optional)  Select  EtherType  0x6000. 

etype-8042 

(Optional)  Select  EtherType  0x8042. 

lat 

(Optional)  Select  EtherType  DEC-LAT. 

lavc-sca 

(Optional)  Select  EtherType  DEC-LAVC-SCA. 
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testing  for  a  match. 

m  on-con  sol  f» 

(Optional)  Select  EtherTvne  DEC-MOP  Remote  Console 

mop-dump 

(Optional)  Select  Ether  lype  DEC-MOP  Dump. 

msdos 

(Optional)  Select  EtherType  DEC-MSDOS. 

mumps 

(Optional)  Select  EtherType  DEC-MUMPS. 

netbios 

(Optional)  Select  EtherType  DEC-  Network  Basic  Input/Output  System 

(NETBIOS). 

vines-echo 

(Optional)  Select  EtherType  Virtual  Integrated  Network  Service  (VINES) 

Echo  from  Banyan  Systems. 

vines-ip 

(Optional)  Select  EtherType  VINES  IP. 

xns-idp 

(Optional)  Select  EtherType  Xerox  Network  Systems  (XNS)  protocol 

suite. 

To  filter  IPX  traffic,  you  use  the  type  mask  or  lsap  Isap  mask  keywords,  depending  on  the  type  of  IPX 
encapsulation  being  used.  Filter  criteria  for  IPX  encapsulation  types  as  specified  in  Novell  terminology 
and  Cisco  IOS  terminology  are  listed  in  Table  2-14. 

Table  2-14  IPX  Filtering  Criteria 


IPX  Encapsulation  Type 

Cisco  IOS  Name 

Novell  Name 

Filter  Criterion 

arpa 

Ethernet  II 

Ethertype  0x8137 

snap 

Ethernet-snap 

Ethertype  0x8137 

sap 

Ethernet  802.2 

LSAP  OxEOEO 

novell-ether 

Ethernet  802.3 

LSAP  OxFFFF 

Defaults  This  command  has  no  defaults.  However,  the  default  action  for  a  MAC-named  ACL  is  to  deny. 


Command  Modes        MAC  access-list  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       You  enter  MAC  access-list  configuration  mode  by  using  the  mac  access-list  extended  global 
configuration  command. 

If  you  use  the  host  keyword,  you  cannot  enter  an  address  mask;  if  you  do  not  use  the  any  or  host 
keywords,  you  must  enter  an  address  mask. 
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After  an  access  control  entry  (ACE)  is  added  to  an  access  control  list,  an  implied  deny-any-any 
condition  exists  at  the  end  of  the  list.  That  is,  if  there  are  no  matches,  the  packets  are  denied.  However, 
before  the  first  ACE  is  added,  the  list  permits  all  packets. 

For  more  information  about  MAC-named  extended  access  lists,  see  the  software  configuration  guide  for 
this  release. 


Examples  This  example  shows  how  to  define  the  MAC-named  extended  access  list  to  allow  NETBIOS  traffic  from 

any  source  to  MAC  address  00c0.00a0.03fa.  Traffic  matching  this  list  is  allowed. 

Switch ( conf ig-ext-macl ) #  permit  any  host  00c0.00a0.03fa  netbios 

This  example  shows  how  to  remove  the  permit  condition  from  the  MAC-named  extended  access  list: 

Switch (conf ig-ext-macl ) #  no  permit  any  OOcO . OOaO . 03f a  0000.0000.0000  netbios 

This  example  permits  all  packets  with  Ethertype  0x4321: 

Switch ( conf ig-ext-macl ) #  permit  any  any  0x4321  0 

You  can  verify  your  settings  by  entering  the  show  access-lists  privileged  EXEC  command. 


Related  Commands      Command  Description 


deny  (MAC  access-list 

Denies  non-IP  traffic  to  be  forwarded  if  conditions  are  matched. 

configuration) 

mac  access-list  extended 

Creates  an  access  list  based  on  MAC  addresses  for  non-IP  traffic. 

show  access-lists 

Displays  access  control  lists  configured  on  a  switch. 
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police 


Use  the  police  policy-map  class  configuration  command  to  define  a  policer  for  classified  traffic.  A 
policer  defines  a  maximum  permissible  rate  of  transmission,  a  maximum  burst  size  for  transmissions, 
and  an  action  to  take  if  either  maximum  is  exceeded.  Use  the  no  form  of  this  command  to  remove  an 
existing  policer. 

police  rate-bps  burst-byte  [exceed-action  {drop  I  policed-dscp-transmit}] 
no  police  rate -bps  burst-byte  [exceed-action  {drop  I  policed-dscp-transmit}] 


Syntax  Description  rate-bps 


burst-byte 


Specify  the  average  traffic  rate  in  bits  per  second  (b/s).  The  range  is  1000000 
to  1000000000. 

Specify  the  normal  burst  size  in  bytes.  The  range  is  8000  to  1000000. 


exceed-action  drop        (Optional)  When  the  specified  rate  is  exceeded,  specify  that  the  switch  drop 
the  packet. 

exceed-action  (Optional)  When  the  specified  rate  is  exceeded,  specify  that  the  switch 

policed-dscp-transmit    changes  the  Differentiated  Services  Code  Point  (DSCP)  of  the  packet  to  that 

specified  in  the  policed-DSCP  map  and  then  sends  the  packet. 


Defaults 


No  policers  are  defined. 


Command  Modes 


Policy-map  class  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


When  configuring  hierarchical  policy  maps,  you  can  only  use  the  police  policy-map  command  in  a 
secondary  interface-level  policy  map. 

The  port  ASIC  device,  which  controls  more  than  one  physical  port,  supports  256  policers  (255 
user-configurable  policers  plus  1  policer  reserved  for  internal  use).  The  maximum  number  of 
user-configurable  policers  supported  per  port  is  63.  Policers  are  allocated  on  demand  by  the  software  and 
are  constrained  by  the  hardware  and  ASIC  boundaries.  You  cannot  reserve  policers  per  port.  There  is  no 
guarantee  that  a  port  will  be  assigned  to  any  policer. 

To  return  to  policy-map  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode, 
use  the  end  command. 
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Policing  uses  a  token-bucket  algorithm.  You  configure  the  bucket  depth  (the  maximum  burst  that  is 
tolerated  before  the  bucket  overflows)  by  using  the  burst-byte  option  of  the  police  policy-map  class 
configuration  command  or  the  mis  qos  aggregate-policer  global  configuration  command.  You  configure 
how  quickly  (the  average  rate)  the  tokens  are  removed  from  the  bucket  by  using  the  rate-bps  option  of 
the  police  policy-map  class  configuration  command  or  the  mis  qos  aggregate-policer  global 
configuration  command.  For  more  information,  see  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  configure  a  policer  that  drops  packets  if  traffic  exceeds  1  Mb/s  average  rate 

with  a  burst  size  of  20  KB.  The  DSCPs  of  incoming  packets  are  trusted,  and  there  is  no  packet 
modification. 

Switch(conf ig) #  policy-map  policyl 
Switch (conf ig-pmap) #  class  classl 
Switch (conf ig-pmap-c) #  trust  dscp 

Switch ( conf ig-pmap-c ) #  police  1000000  20000  exceed-action  drop 

Switch (conf ig-pmap-c ) #  exit 

This  example  shows  how  to  configure  a  policer,  which  marks  down  the  DSCP  values  with  the  values 
defined  in  policed-DSCP  map  and  sends  the  packet: 

Switch (conf ig) #  policy-map  policy2 

Switch (conf ig-pmap) #  class  class2 

Switch (conf ig-pmap-c ) #  police  1000000  20000  exceed-action  policed-dscp-transmit 

Switch ( conf ig-pmap-c ) #  exit 

You  can  verify  your  settings  by  entering  the  show  policy-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class 

Defines  a  traffic  classification  match  criteria  (through  the  police,  set, 

and  trust  policy-map  class  configuration  commands)  for  the 

specified  class-map  name. 

mis  qos  map  policed-dscp 

Applies  a  policed-DSCP  map  to  a  DSCP-trusted  port. 

policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple 

ports  to  specify  a  service  policy. 

set 

Classifies  IP  traffic  by  setting  a  DSCP  or  IP-precedence  value  in  the 

packet. 

show  policy-map 

Displays  quality  of  service  (QoS)  policy  maps. 

trust 

Defines  a  trust  state  for  traffic  classified  through  the  class 

policy-map  configuration  or  the  class-map  global  configuration 

command. 
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police  aggregate 


Use  the  police  aggregate  policy-map  class  configuration  command  to  apply  an  aggregate  policer  to 
multiple  classes  in  the  same  policy  map.  A  policer  defines  a  maximum  permissible  rate  of  transmission, 
a  maximum  burst  size  for  transmissions,  and  an  action  to  take  if  either  maximum  is  exceeded.  Use  the 
no  form  of  this  command  to  remove  the  specified  policer. 

police  aggregate  aggregate-policer-name 

no  police  aggregate  aggregate-policer-name 


Syntax  Description  aggregate-policer-name 


Name  of  the  aggregate  policer. 


Defaults 


No  aggregate  policers  are  defined. 


Command  Modes        Policy-map  class  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  port  ASIC  device,  which  controls  more  than  one  physical  port,  supports  256  policers  (255 
user-configurable  policers  plus  1  policer  reserved  for  internal  use).  The  maximum  number  of 
user-configurable  policers  supported  per  port  is  63.  Policers  are  allocated  on  demand  by  the  software  and 
are  constrained  by  the  hardware  and  ASIC  boundaries.  You  cannot  reserve  policers  per  port.  There  is  no 
guarantee  that  a  port  will  be  assigned  to  any  policer. 

You  set  aggregate  policer  parameters  by  using  the  mis  qos  aggregate-policer  global  configuration 
command.  You  apply  an  aggregate  policer  to  multiple  classes  in  the  same  policy  map;  you  cannot  use  an 
aggregate  policer  across  different  policy  maps. 

To  return  to  policy-map  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode, 
use  the  end  command. 

You  cannot  configure  aggregate  policers  in  hierarchical  policy  maps. 
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Examples  This  example  shows  how  to  define  the  aggregate  policer  parameters  and  to  apply  the  policer  to  multiple 

classes  in  a  policy  map: 

Switch (config) #  mis  qos  aggregate-policer  agg_policerl  10000  1000000  exceed-action  drop 

Switch (config) #  policy-map  policy2 
Switch (conf ig-pmap) #  class  classl 

Switch ( conf ig-pmap-c ) #  police  aggregate  agg_policerl 

Switch (conf ig-pmap-c) #  exit 
Switch (conf ig-pmap) #  class  class2 
Switch ( conf ig-pmap-c ) #  set  dscp  10 

Switch ( conf ig-pmap-c ) #  police  aggregate  agg_policerl 

Switch ( conf ig-pmap-c ) #  exit 
Switch (conf ig-pmap) #  class  class3 
Switch (conf ig-pmap-c) #  trust  dscp 

Switch (conf ig-pmap-c) #  police  aggregate  agg_policer2 

Switch ( conf ig-pmap-c ) #  exit 

You  can  verify  your  settings  by  entering  the  show  mis  qos  aggregate-policer  privileged  EXEC 
command. 


Related  Commands      Command  Description 

mis  qos  aggregate-policer  Defines  policer  parameters,  which  can  be  shared  by  multiple 

classes  within  a  policy  map. 

show  mis  qos  aggregate-policer       Displays  the  quality  of  service  (QoS)  aggregate  policer 

configuration. 
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policy-map 


Use  the  policy-map  global  configuration  command  to  create  or  modify  a  policy  map  that  can  be  attached 
to  multiple  physical  ports  or  switch  virtual  interfaces  (SVIs)  and  to  enter  policy-map  configuration 
mode.  Use  the  no  form  of  this  command  to  delete  an  existing  policy  map  and  to  return  to  global 
configuration  mode. 

policy-map  policy-map-name 

no  policy-map  policy-map-name 


Syntax  Description  policy-map-name 


Name  of  the  policy  map. 


Defaults 


No  policy  maps  are  defined. 

The  default  behavior  is  to  set  the  Differentiated  Services  Code  Point  (DSCP)  to  0  if  the  packet  is  an  IP 
packet  and  to  set  the  class  of  service  (CoS)  to  0  if  the  packet  is  tagged.  No  policing  is  performed. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


After  entering  the  policy-map  command,  you  enter  policy-map  configuration  mode,  and  these 
configuration  commands  are  available: 

•  class:  defines  the  classification  match  criteria  for  the  specified  class  map.  For  more  information,  see 
the  "class"  section  on  page  2-32. 

•  description:  describes  the  policy  map  (up  to  200  characters). 

•  exit:  exits  policy-map  configuration  mode  and  returns  you  to  global  configuration  mode. 

•  no:  removes  a  previously  defined  policy  map. 

•  rename:  renames  the  current  policy  map. 

To  return  to  global  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode,  use 
the  end  command. 

Before  configuring  policies  for  classes  whose  match  criteria  are  defined  in  a  class  map,  use  the 
policy-map  command  to  specify  the  name  of  the  policy  map  to  be  created,  added  to,  or  modified. 
Entering  the  policy-map  command  also  enables  the  policy-map  configuration  mode  in  which  you  can 
configure  or  modify  the  class  policies  for  that  policy  map. 

You  can  configure  class  policies  in  a  policy  map  only  if  the  classes  have  match  criteria  defined  for  them. 
To  configure  the  match  criteria  for  a  class,  use  the  class-map  global  configuration  and  match  class-map 
configuration  commands.  You  define  packet  classification  on  a  physical-port  basis. 
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Only  one  policy  map  per  ingress  port  or  S  VI  is  supported.  You  can  apply  the  same  policy  map  to  multiple 
physical  ports  or  SVIs. 

You  can  apply  a  nonhierarchical  policy  maps  to  physical  ports  or  to  SVIs.  A  nonhierarchical  policy  map 
is  the  same  as  a  port-based  policy  maps.  However,  you  can  only  apply  a  hierarchical  policy  map  to  SVIs. 

A  hierarchical  policy  map  has  two  levels.  The  first  level,  the  VLAN  level,  specifies  the  actions  to  be 
taken  against  a  traffic  flow  on  an  SVI.  The  second  level,  the  interface  level,  specifies  the  actions  to  be 
taken  against  the  traffic  on  the  physical  ports  that  belong  to  the  SVI  and  are  specified  in  the 
interface-level  policy  map. 

In  a  primary  VLAN-level  policy  map,  you  can  only  configure  the  trust  state  or  set  a  new  DSCP  or  IP 
precedence  value  in  the  packet.  In  a  secondary  interface-level  policy  map,  you  can  only  configure 
individual  policers  on  physical  ports  that  belong  to  the  SVI. 

After  the  hierarchical  policy  map  is  attached  to  an  SVI,  an  interface-level  policy  map  cannot  be  modified 
or  removed  from  the  hierarchical  policy  map.  A  new  interface-level  policy  map  also  cannot  be  added  to 
the  hierarchical  policy  map.  If  you  want  these  changes  to  occur,  the  hierarchical  policy  map  must  first 
be  removed  from  the  SVI. 

For  more  information  about  hierarchical  policy  maps,  see  the  "Policing  on  SVIs"  section  in  the 
"Configuring  QoS"  chapter  of  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  create  a  policy  map  called  policy  1.  When  attached  to  the  ingress  port,  it 

matches  all  the  incoming  traffic  defined  in  class  1,  sets  the  IP  DSCP  to  10,  and  polices  the  traffic  at  an 
average  rate  of  1  Mb/s  and  bursts  at  20  KB.  Traffic  exceeding  the  profile  is  marked  down  to  a  DSCP 
value  gotten  from  the  policed-DSCP  map  and  then  sent. 

Switch (config) #  policy-map  policyl 
Switch (conf ig-pmap) #  class  classl 
Switch (conf ig-pmap-c) #  set  dscp  10 

Switch (conf ig-pmap-c) #  police  1000000  20000  exceed-action  policed-dscp-transmit 

Switch (conf ig-pmap-c) #  exit 

This  example  shows  how  to  configure  multiple  classes  in  a  policy  map  called  policymap2: 

Switch (conf ig) #  policy-map  policymap2 

Switch(conf ig-pmap) #  class  classl 
Switch (conf ig-pmap-c) #  set  dscp  10 

Switch (conf ig-pmap-c) #  police  100000  20000  exceed-action  policed-dscp-transmit 

Switch ( conf ig-pmap-c ) #  exit 
Switch (conf ig-pmap) #  class  class2 
Switch (conf ig-pmap-c) #  trust  dscp 

Switch (conf ig-pmap-c) #  police  100000  20000  exceed-action  drop 

Switch (conf ig-pmap-c) #  exit 

Switch(conf ig-pmap) #  class  class3 

Switch (conf ig-pmap-c) #  set  dscp  0   (no  policer) 

Switch (conf ig-pmap-c) #  exit 
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This  example  shows  how  to  create  a  hierarchical  policy  map  and  attach  it  to  an  SVI: 

Switch (config) #  class-map  cm-non-int 

Switch (conf ig-cmap) #  match  access-group  101 

Switch(config-cmap) #  exit 

Switch ( conf ig) #  class-map  cm-non-int-2 

Switch(config-cmap) #  match  access-group  102 

Switch (conf ig-cmap) #  exit 

Switch (conf ig) #  class-map  cm-test-int 

Switch (conf ig-cmap) #  match  input -interface  gigabitethernetO/2  -  gigabitethernetO/3 

Switch (conf ig-cmap) #  exit 

Switch ( conf ig) #  policy-map  pm-test-int 

Switch (conf ig-pmap) #  class  cm-test-int 

Switch (conf ig-pmap-c) #  police  18000000  8000  exceed-action  drop 

Switch ( conf ig-pmap-c ) #  exit 

Switch (conf ig-pmap) #  exit 

Switch (conf ig) #  policy-map  pm-test-pm-2 

Switch (conf ig-pmap) #  class  cm-non-int 

Switch (conf ig-pmap-c) #  set  dscp  7 

Switch ( conf ig-pmap-c ) #  service-policy  pm-test-int 

Switch (conf ig-pmap) #  class  cm-non-int-2 

Switch ( conf ig-pmap-c ) #  set  dscp  15 

Switch (conf ig-pmap-c) #  service-policy  pm-test-int 

Switch (conf ig-pmap-c) #  end 

Switch (conf ig-cmap) #  exit 

Switch (conf ig) #  interface  vlan  10 

Switch (conf ig-if) #  service-policy  input  pm-test-pm-2 

This  example  shows  how  to  delete  policymap2: 

Switch (conf ig) #  no  policy-map  policymap2 

You  can  verify  your  settings  by  entering  the  show  policy-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class 

Defines  a  traffic  classification  match  criteria  (through  the  police,  set,  and 

trust  policy-map  class  configuration  command)  for  the  specified  class-map 

name. 

class-map 

Creates  a  class  map  to  be  used  for  matching  packets  to  the  class  whose  name 

you  specify. 

service-policy 

Applies  a  policy  map  to  a  port. 

show  mis  qos  vlan 

Displays  the  quality  of  service  (QoS)  policy  maps  attached  to  an  SVI. 

show  policy-map 

Displays  QoS  policy  maps. 
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port-channel  load-balance 

Use  the  port-channel  load-balance  global  configuration  command  to  set  the  load-distribution  method 
among  the  ports  in  the  EtherChannel.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

port-channel  load-balance  {dst-ip  I  dst-mac  I  src-dst-ip  I  src-dst-mac  I  src-ip  I  src-mac} 

no  port-channel  load-balance 


Syntax  Description      dst-ip  Load  distribution  is  based  on  the  destination  host  IP  address. 


dst-mac 

Load  distribution  is  based  on  the  destination  host  MAC  address.  Packets  to  the  same 

destination  are  sent  on  the  same  port,  but  packets  to  different  destinations  are  sent  on 

different  ports  in  the  channel. 

src-dst-ip 

Load  distribution  is  based  on  the  source  and  destination  host  IP  address. 

src-dst-mac 

Load  distribution  is  based  on  the  source  and  destination  host  MAC  address. 

src-ip 

Load  distribution  is  based  on  the  source  host  IP  address. 

src-mac 

Load  distribution  is  based  on  the  source  MAC  address.  Packets  from  different  hosts  use 

different  ports  in  the  channel,  but  packets  from  the  same  host  use  the  same  port. 

Defaults  The  default  is  src-mac. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        For  information  about  when  to  use  these  forwarding  methods,  see  the  "Configuring  EtherChannels" 
chapter  in  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  set  the  load-distribution  method  to  dst-mac: 

Switch (config) #  port-channel  load-balance  dst-mac 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command  or  the 
show  etherchannel  load-balance  privileged  EXEC  command. 
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Related  Commands      Command  Description 

interface  port-channel     Accesses  or  creates  the  port  channel. 

show  etherchannel  Displays  EtherChannel  information  for  a  channel. 

show  running-config        Displays  the  current  operating  configuration.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 


2-260 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Chapter  2    CGESM  Switch  Cisco  IPS  Commands 


priority-queue  I 


priority-queue 

Use  the  priority-queue  interface  configuration  command  to  enable  the  egress  expedite  queue  on  a  port. 
Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

priority-queue  out 

no  priority-queue  out 


Syntax  Description      out  Enable  the  egress  expedite  queue. 


Defaults  The  egress  expedite  queue  is  disabled. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  When  you  configure  the  priority-queue  out  command,  the  shaped  round  robin  (SRR)  weight  ratios  are 
affected  because  there  is  one  fewer  queue  participating  in  SRR.  This  means  that  weightl  in  the  srr-queue 
bandwidth  shape  or  the  srr-queue  bandwidth  shape  interface  configuration  command  is  ignored  (not 
used  in  the  ratio  calculation).  The  expedite  queue  is  a  priority  queue,  and  it  is  serviced  until  empty  before 
the  other  queues  are  serviced. 

Follow  these  guidelines  when  the  expedite  queue  is  enabled  or  the  egress  queues  are  serviced  based  on 
their  SRR  weights: 

•  If  the  egress  expedite  queue  is  enabled,  it  overrides  the  SRR  shaped  and  shared  weights  for  queue  1 . 

•  If  the  egress  expedite  queue  is  disabled  and  the  SRR  shaped  and  shared  weights  are  configured,  the 
shaped  mode  overrides  the  shared  mode  for  queue  1,  and  SRR  services  this  queue  in  shaped  mode. 

•  If  the  egress  expedite  queue  is  disabled  and  the  SRR  shaped  weights  are  not  configured,  SRR 
services  the  queue  in  shared  mode. 


Examples  This  example  shows  how  to  enable  the  egress  expedite  queue  when  the  SRR  weights  are  configured.  The 

egress  expedite  queue  overrides  the  configured  SRR  weights. 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  srr-queue  bandwidth  shape  25  0  0  0 
Switch (config-if) #  srr-queue  bandwidth  share  30  20  25  25 
Switch (config-if ) #  priority-queue  out 

This  example  shows  how  to  disable  the  egress  expedite  queue  after  the  SRR  shaped  and  shared  weights 
are  configured.  The  shaped  mode  overrides  the  shared  mode. 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  srr-queue  bandwidth  shape  25  0  0  0 
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Switch (config-if) #  srr-queue  bandwidth  share  30  20  25  25 
Switch (config-if) #  no  priority-queue  out 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  interface-id  queueing  or  the  show 
running-config  privileged  EXEC  command. 


Related  Commands 


Command 

show  mis  qos  interface  queueing 


Description 

Displays  the  queueing  strategy  (SRR,  priority  queueing),  the 
weights  corresponding  to  the  queues,  and  the 
CoS-to-egress-queue  map. 


srr-queue  bandwidth  shape 


Assigns  the  shaped  weights  and  enables  bandwidth  shaping  on 
the  four  egress  queues  mapped  to  a  port. 


srr-queue  bandwidth  share 


Assigns  the  shared  weights  and  enables  bandwidth  sharing  on 
the  four  egress  queues  mapped  to  a  port. 
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queue-set 


Use  the  queue-set  interface  configuration  command  to  map  a  port  to  a  queue-set.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

queue-set  qset-id 

no  queue-set  qset-id 


Syntax  Description  qset-id 


ID  of  the  queue-set.  Each  port  belongs  to  a  queue-set,  which  defines  all  the 
characteristics  of  the  four  egress  queues  per  port.  The  range  is  1  to  2. 


Defaults 


The  queue-set  ID  is  1. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  map  a  port  to  queue-set  2: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  queue-set  2 


You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  buffers  privileged 
EXEC  command. 


Related  Commands 


Command 

Description 

mis  qos  queue-set  output  buffers 

Allocates  buffers  to  a  queue-set. 

mis  qos  queue-set  output  threshold 

Configures  the  weighted  tail-drop  (WTD)  thresholds, 
guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  to  a  queue-set. 

show  mis  qos  interface  buffers 

Displays  quality  of  service  (QoS)  information. 
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radius-server  dead-criteria 

Use  the  radius-server  dead-criteria  global  configuration  command  to  configure  the  conditions  that 
determine  when  a  RADIUS  server  is  considered  unavailable  or  dead.  Use  the  no  form  of  this  command 
to  return  to  the  default  settings. 

radius-server  dead-criteria  [time  seconds  [tries  number]  I  tries  number] 

no  radius-server  dead-criteria  [time  seconds  [tries  number]  I  tries  number] 


Syntax  Description       time  seconds    (Optional)  Set  the  time  in  seconds  during  which  the  switch  does  not  need  to  get  a  valid 

response  from  the  RADIUS  server.  The  range  is  from  1  to  120  seconds. 

tries  number  (Optional)  Set  the  number  of  times  that  the  switch  does  not  get  a  valid  response  from 
the  RADIUS  server  before  the  server  is  considered  unavailable.  The  range  is  from  1  to 
100. 


Defaults  The  switch  dynamically  determines  the  seconds  value  that  is  from  10  to  60  seconds. 

The  switch  dynamically  determines  the  tries  value  that  is  from  10  to  100. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SEE  This  command  was  introduced. 


Usage  Guidelines        We  recommend  that  you  configure  the  seconds  and  number  parameters  as  follows: 

•  Use  the  radius-server  timeout  seconds  global  configuration  command  to  specify  the  time  in 
seconds  during  which  the  switch  waits  for  a  RADIUS  server  to  respond  before  the  IEEE  802.  lx 
authentication  times  out.  The  switch  dynamically  determines  the  default  seconds  value  that  is  from 
10  to  60  seconds. 

•  Use  the  radius-server  retransmit  retries  global  configuration  command  to  specify  the  number  of 
times  the  switch  tries  to  reach  the  radius  servers  before  considering  the  servers  to  be  unavailable. 
The  switch  dynamically  determines  the  default  tries  value  that  is  from  10  to  100. 

•  The  seconds  parameter  is  less  than  or  equal  to  the  number  of  retransmission  attempts  times  the  time 
in  seconds  before  the  IEEE  802. lx  authentication  times  out. 

•  The  tries  parameter  should  be  the  same  as  the  number  of  retransmission  attempts. 


Examples  This  example  shows  how  to  configure  60  as  the  time  and  10  as  the  number  of  tries,  the  conditions  that 

determine  when  a  RADIUS  server  is  considered  unavailable 

Switch (config) #  radius -server  dead-criteria  time  60  tries  10 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 
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radius-server  dead-criteria  M 


Related  Commands      Command  Description 

dotlx  critical  (global  configuration)   Configures  the  parameters  for  the  inaccessible  authentication 

bypass  feature. 

Enables  the  inaccessible  authentication  bypass  feature  on  an 
interface  and  configures  the  access  VLAN  to  which  the  switch 
assigns  the  critical  port  when  the  port  is  in  the 
critical-authentication  state. 

radius-server  retransmit  retries  Specifies  the  number  of  times  that  the  switch  tries  to  reach  the 

RADIUS  servers  before  considering  the  servers  to  be 
unavailable.  For  syntax  information,  select  Cisco  IOS  Security 
Command  Reference,  Release  12.2  >  Server  Security 
Protocols  >  RADIUS  Commands. 

radius-server  timeout  seconds  Specifies  the  time  in  seconds  during  which  the  switch  waits  for 

a  RADIUS  server  to  respond  before  the  IEEE  802.  lx 
authentication  times  out.  For  syntax  information,  select  Cisco 
IOS  Security  Command  Reference,  Release  12.2  >  Server 
Security  Protocols  >  RADIUS  Commands. 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 


dotlx  critical  (interface 
configuration) 
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radius-server  host 

Use  the  radius-server  host  global  configuration  command  to  configure  the  RADIUS  server  parameters, 
including  the  RADIUS  accounting  and  authentication.  Use  the  no  form  of  this  command  to  return  to  the 
default  settings. 

radius-server  host  ip-address  [acct-port  udp-port]  [auth-port  udp-port]  [test  username  name 
[idle-time  time]  [ignore-acct-port]  [ignore-auth-port]]  [key  string] 

no  radius-server  host  ip-address 


Syntax  Description      ip-address  Specify  the  IP  address  of  the  RADIUS  server. 

acct-port  udp-port        (Optional)  Specify  the  UDP  port  for  the  RADIUS  accounting  server.  The 
range  is  from  0  to  65536. 

auth-port  udp-port        (Optional)  Specify  the  UDP  port  for  the  RADIUS  authentication  server.  The 
range  is  from  0  to  65536. 

test  username  name      (Optional)  Enable  automatic  server  testing  of  the  RADIUS  server  status,  and 
specify  the  username  to  be  used. 

idle-time  time  (Optional)  Set  the  interval  of  time  in  minutes  after  which  the  switch  sends  test 

packets  to  the  server.  The  range  is  from  1  to  35791  minutes. 

ignore-acct-port  (Optional)  Disables  testing  on  the  RADIUS-server  accounting  port. 

ignore-auth-port  (Optional)  Disables  testing  on  the  RADIUS-server  authentication  port. 

key  string  (Optional)  Specify  the  authentication  and  encryption  key  for  all  RADIUS 

communication  between  the  switch  and  the  RADIUS  daemon.  The  key  is  a 
text  string  that  must  match  the  encryption  key  used  on  the  RADIUS  server. 
Always  configure  the  key  as  the  last  item  in  this  command.  Leading  spaces 
are  ignored,  but  spaces  within  and  at  the  end  of  the  key  are  used.  If  there  are 
spaces  in  your  key,  do  not  enclose  the  key  in  quotation  marks  unless  the 
quotation  marks  are  part  of  the  key. 


Defaults  The  UDP  port  for  the  RADIUS  accounting  server  is  1646. 

The  UDP  port  for  the  RADIUS  authentication  server  is  1645. 
Automatic  server  testing  is  disabled. 
The  idle  time  is  60  minutes  (1  hour). 

When  the  automatic  testing  is  enabled,  testing  occurs  on  the  accounting  and  authentication  UDP  ports. 
The  authentication  and  encryption  key  (string)  is  not  configured. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SEE  This  command  was  introduced. 
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Usage  Guidelines        We  recommend  that  you  configure  the  UDP  port  for  the  RADIUS  accounting  server  and  the  UDP  port 
for  the  RADIUS  authentication  server  to  nondefault  values. 

Use  the  test  username  name  keywords  to  enable  automatic  server  testing  of  the  RADIUS  server  status 
and  to  specify  the  username  to  be  used. 

You  can  configure  the  authentication  and  encryption  key  by  using  the  radius-server  host  ip-address  key 
string  or  the  radius-server  key  {0  string  I  7  string  I  string}  global  configuration  command.  Always 
configure  the  key  as  the  last  item  in  this  command. 


Examples  This  example  shows  how  to  configure  1500  as  the  UDP  port  for  the  accounting  server  and  1510  as  the 

UDP  port  for  the  authentication  server: 

Switch(config) #  radius-server  host  1.1.1.1  acct-port  1500  auth-port  1510 

This  example  shows  how  to  configure  the  UDP  port  for  the  accounting  server  and  the  authentication 
server,  enable  automated  testing  of  the  RADIUS  server  status,  specify  the  username  to  be  used,  and 
configure  a  key  string: 

Switch (config) #  radius -server  host  1.1.1.2  acct-port  800  auth-port  900  test  username 
aaafail  idle-time  75  key  abcl23 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

dotlx  critical  (global  configuration)   Configures  the  parameters  for  the  inaccessible  authentication 

bypass  feature. 

Enables  the  inaccessible  authentication  bypass  feature  on  an 
interface  and  configures  the  access  VLAN  to  which  the  switch 
assigns  the  critical  port  when  the  port  is  in  the 
critical-authentication  state. 

Sets  the  authentication  and  encryption  key  for  all  RADIUS 
communications  between  the  router  and  the  RADIUS  daemon. 
For  syntax  information,  select  Cisco  IOS  Security  Command 
Reference,  Release  12.2  >  Server  Security  Protocols  > 
RADIUS  Commands. 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 


dotlx  critical  (interface 
configuration) 


radius-server  key  { 0  string  I  7  string  I 
string } 
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rcommand 


Use  the  rcommand  user  EXEC  command  to  start  a  Telnet  session  and  to  execute  commands  on  a  cluster 
member  switch  from  the  cluster  command  switch.  To  end  the  session,  enter  the  exit  command. 

rcommand  {n  I  commander  I  mac-address  hw-addr} 


Syntax  Description 


Provide  the  number  that  identifies  a  cluster  member.  The  range  is  0  to  15. 

Provide  access  to  the  cluster  command  switch  from  a  cluster  member 
switch. 


commander 


mac-address  hw-addr 


MAC  address  of  the  cluster  member  switch. 


Command  Modes 


User  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       This  command  is  available  only  on  the  cluster  command  switch. 

If  the  switch  is  the  cluster  command  switch  but  the  cluster  member  switch  n  does  not  exist,  an  error 
message  appears.  To  get  the  switch  number,  enter  the  show  cluster  members  privileged  EXEC 
command  on  the  cluster  command  switch. 

You  can  use  this  command  to  access  a  cluster  member  switch  from  the  cluster  command-switch  prompt 
or  to  access  a  cluster  command  switch  from  the  member-switch  prompt. 

For  Catalyst  2900  XL,  3500  XL,  2950,  2960,  2970,  CGESM,  3550,  3560,  and  3750  switches,  the  Telnet 
session  accesses  the  member-switch  command-line  interface  (CLI)  at  the  same  privilege  level  as  on  the 
cluster  command  switch.  For  example,  if  you  execute  this  command  at  user  level  on  the  cluster  command 
switch,  the  cluster  member  switch  is  accessed  at  user  level.  If  you  use  this  command  on  the  cluster 
command  switch  at  privileged  level,  the  command  accesses  the  remote  device  at  privileged  level.  If  you 
use  an  intermediate  enable-level  lower  than  privileged,  access  to  the  cluster  member  switch  is  at  user 
level. 

For  Catalyst  1900  and  2820  switches  running  standard  edition  software,  the  Telnet  session  accesses  the 
menu  console  (the  menu-driven  interface)  if  the  cluster  command  switch  is  at  privilege  level  15.  If  the 
cluster  command  switch  is  at  privilege  level  1,  you  are  prompted  for  the  password  before  being  able  to 
access  the  menu  console.  Cluster  command  switch  privilege  levels  map  to  the  cluster  member  switches 
running  standard  edition  software  as  follows: 

•  If  the  cluster  command  switch  privilege  level  is  from  1  to  14,  the  cluster  member  switch  is  accessed 
at  privilege  level  1 . 

•  If  the  cluster  command  switch  privilege  level  is  15,  the  cluster  member  switch  is  accessed  at 
privilege  level  15. 

The  Catalyst  1900  and  2820  CLI  is  available  only  on  switches  running  Enterprise  Edition  Software. 
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This  command  will  not  work  if  the  vty  lines  of  the  cluster  command  switch  have  access-class 
configurations. 

You  are  not  prompted  for  a  password  because  the  cluster  member  switches  inherited  the  password  of  the 
cluster  command  switch  when  they  joined  the  cluster. 


Examples 


This  example  shows  how  to  start  a  session  with  member  3.  All  subsequent  commands  are  directed  to 
member  3  until  you  enter  the  exit  command  or  close  the  session. 

Switch#  rcommand  3 
Switch-3#  show  version 

Cisco  Internet  Operating  System  Software   . . . 

Switch-3#  exit 
Switch* 


Related  Commands  Command 


Description 


show  cluster  members 


Displays  information  about  the  cluster  members. 
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remote-span 

Use  the  remote-span  VLAN  configuration  command  to  configure  a  VLAN  as  a  Remote  Switched  Port 
Analyzer  (RSPAN)  VLAN.  Use  the  no  form  of  this  command  to  remove  the  RSPAN  designation  from 
the  VLAN. 

remote-span 

no  remote-span 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  No  RSPAN  VLANs  are  defined. 


Command  Modes        VLAN  configuration  (config-VLAN) 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  You  can  configure  RSPAN  VLANs  only  in  config-VLAN  mode  (entered  by  using  the  vlan  global 
configuration  command),  not  the  VLAN  configuration  mode  entered  by  using  the  vlan  database 
privileged  EXEC  command. 

If  VLAN  Trunking  Protocol  (VTP)  is  enabled,  the  RSPAN  feature  is  propagated  by  VTP  for  VLAN-IDs 
that  are  lower  than  1005.  If  the  RSPAN  VLAN  ID  is  in  the  extended  range,  you  must  manually  configure 
intermediate  switches  (those  in  the  RSPAN  VLAN  between  the  source  switch  and  the  destination 
switch). 

Before  you  configure  the  RSPAN  remote-span  command,  use  the  vlan  (global  configuration)  command 
to  create  the  VLAN. 

The  RSPAN  VLAN  has  these  characteristics: 

•  No  MAC  address  learning  occurs  on  it. 

•  RSPAN  VLAN  traffic  flows  only  on  trunk  ports. 

•  Spanning  Tree  Protocol  (STP)  can  run  in  the  RSPAN  VLAN,  but  it  does  not  run  on  RSPAN 
destination  ports. 

When  an  existing  VLAN  is  configured  as  an  RSPAN  VLAN,  the  VLAN  is  first  deleted  and  then  recreated 
as  an  RSPAN  VLAN.  Any  access  ports  are  made  inactive  until  the  RSPAN  feature  is  disabled. 
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Examples 


This  example  shows  how  to  configure  a  VLAN  as  an  RSPAN  VLAN. 


Switch (config) #  vlan  901 

Switch ( config-vlan) #  remote-span 

This  example  shows  how  to  remove  the  RSPAN  feature  from  a  VLAN. 

Switch (config) #  vlan  901 

Switch ( config-vlan) #  no  remote-span 

You  can  verify  your  settings  by  entering  the  show  vlan  remote-span  user  EXEC  command. 


Related  Commands 


Command 


Description 


monitor  session 


Enables  Switched  Port  Analyzer  (SPAN)  and  RSPAN  monitoring  on  a  port 
and  configures  a  port  as  a  source  or  destination  port. 


vlan  (global 
configuration) 


Changes  to  config-vlan  mode  where  you  can  configure  VLANs  1  to  4094. 
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rmon  collection  stats 


Use  the  rmon  collection  stats  interface  configuration  command  to  collect  Ethernet  group  statistics, 
which  include  usage  statistics  about  broadcast  and  multicast  packets,  and  error  statistics  about  cyclic 
redundancy  check  (CRC)  alignment  errors  and  collisions.  Use  the  no  form  of  this  command  to  return  to 
the  default  setting. 

rmon  collection  stats  index  [owner  name] 

no  rmon  collection  stats  index  [owner  name] 


Syntax  Description  index 


Remote  Network  Monitoring  (RMON)  collection  control  index.  The  range 
is  1  to  65535. 

owner  name  (Optional)  Owner  of  the  RMON  collection. 


Defaults 


The  RMON  statistics  collection  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  RMON  statistics  collection  command  is  based  on  hardware  counters. 


Examples 


This  example  shows  how  to  collect  RMON  statistics  for  the  owner  root: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  rmon  collection  stats  2  owner  root 

You  can  verify  your  setting  by  entering  the  show  rmon  statistics  privileged  EXEC  command. 


Related  Commands 


Command 

show  rmon  statistics 


Description 

Displays  RMON  statistics. 

For  syntax  information,  select  Cisco  IOS  Configuration 
Fundamentals  Command  Reference,  Release  12.2  >  System 
Management  Commands  >  RMON  Commands. 
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Use  the  service  password-recovery  global  configuration  command  to  enable  the  password-recovery 
mechanism  (the  default).  This  mechanism  allows  an  end  user  with  physical  access  to  the  switch  to  hold 
down  the  Mode  button  and  interrupt  the  bootup  process  while  the  switch  is  powering  up  and  to  assign  a 
new  password.  Use  the  no  form  of  this  command  to  disable  part  of  the  password-recovery  functionality. 
When  the  password-recovery  mechanism  is  disabled,  interrupting  the  bootup  process  is  allowed  only  if 
the  user  agrees  to  set  the  system  back  to  the  default  configuration. 

service  password-recovery 

no  service  password-recovery 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  password-recovery  mechanism  is  enabled. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


As  a  system  administrator,  you  can  use  the  no  service  password-recovery  command  to  disable  some  of 
the  functionality  of  the  password  recovery  feature  by  allowing  an  end  user  to  reset  a  password  only  by 
agreeing  to  return  to  the  default  configuration. 

To  use  the  password-recovery  procedure,  a  user  with  physical  access  to  the  switch  holds  down  the  Mode 
button  while  the  unit  powers  up  and  for  a  second  or  two  after  the  LED  above  port  1  turns  off.  When  the  button 
is  released,  the  system  continues  with  initialization 
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If  the  password-recovery  mechanism  is  disabled,  this  message  appears: 

The  password-recovery  mechanism  has  been  triggered,  but 
is  currently  disabled.     Access  to  the  boot  loader  prompt 
through  the  password-recovery  mechanism  is  disallowed  at 
this  point.     However,    if  you  agree  to  let  the  system  be 
reset  back  to  the  default  system  configuration,  access 
to  the  boot  loader  prompt  can  still  be  allowed. 

Would  you  like  to  reset  the  system  back  to  the  default  configuration   (y/n) ? 

If  the  user  chooses  not  to  reset  the  system  to  the  default  configuration,  the  normal  bootup  process 
continues,  as  if  the  Mode  button  had  not  been  pressed.  If  you  choose  to  reset  the  system  to  the  default 
configuration,  the  configuration  file  in  flash  memory  is  deleted,  and  the  VLAN  database  file, 
flash.-vlan.dat  (if  present),  is  deleted. 

If  the  password-recovery  mechanism  is  enabled,  this  message  appears: 

The  system  has  been  interrupted  prior  to  initializing  the  flash  file  system.  The  following 
commands  will  initialize  the  flash  file  system,   and  finish  loading  the  operating  system 
software* 

f lash_init 

load_helper 

boot 


X 

Note 


If  you  use  the  no  service  password-recovery  command  to  control  end  user  access  to  passwords,  we 
recommend  that  you  save  a  copy  of  the  config  file  in  a  location  away  from  the  switch  in  case  the  end  user 
uses  the  password  recovery  procedure  and  sets  the  system  back  to  default  values.  Do  not  keep  a  backup 
copy  of  the  config  file  on  the  switch. 


If  the  switch  is  operating  in  VTP  transparent  mode,  we  recommend  that  you  also  save  a  copy  of  the 
vlan.dat  file  in  a  location  away  from  the  switch. 

You  can  verify  if  password  recovery  is  enabled  or  disabled  by  entering  the  show  version  privileged 
EXEC  command. 


Examples 


This  example  shows  how  to  disable  password  recovery  on  a  switch  so  that  a  user  can  only  reset  a 
password  by  agreeing  to  return  to  the  default  configuration. 

Switch (config) #  no  service-password  recovery 

Switch (config) #  exit 


Related  Commands  Command 


Description 


show  version 


Displays  version  information  for  the  hardware  and  firmware. 
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Use  the  service-policy  interface  configuration  command  on  the  switch  to  apply  a  policy  map  defined  by 
the  policy-map  command  to  the  input  of  a  physical  port  or  a  switch  virtual  interface  (SVI).  Use  the  no 
form  of  this  command  to  remove  the  policy  map  and  port  association. 

service-policy  input  policy-map-name 

no  service-policy  input  policy-map-name 


Syntax  Description      input  policy-map-name 


Apply  the  specified  policy  map  to  the  input  of  a  physical  port  or  an  SVI. 


Note      Though  visible  in  the  command-line  help  strings,  the  history  keyword  is  not  supported,  and  you  should 
ignore  the  statistics  that  it  gathers.  The  output  keyword  is  also  not  supported. 


Defaults 


No  policy  maps  are  attached  to  the  port. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       Only  one  policy  map  per  ingress  port  is  supported. 

Policy  maps  can  be  configured  on  physical  ports  or  on  SVIs.  When  VLAN-based  quality  of  service 
(QoS)  is  disabled  by  using  the  no  mis  qos  vlan-based  interface  configuration  command  on  a  physical 
port,  you  can  configure  a  port-based  policy  map  on  the  port.  If  VLAN-based  QoS  is  enabled  by  using 
the  mis  qos  vlan-based  interface  configuration  command  on  a  physical  port,  the  switch  removes  the 
previously  configured  port-based  policy  map.  After  a  hierarchical  policy  map  is  configured  and  applied 
on  an  SVI,  the  interface-level  policy  map  takes  effect  on  the  interface. 

In  software  releases  earlier  than  Cisco  IOS  Release  12.2(25)SE,  you  can  apply  a  policy  map  only  to  the 
incoming  traffic  on  a  physical  port.  In  Cisco  IOS  Release  12.2(25)SE  or  later,  you  can  apply  a  policy 
map  to  incoming  traffic  on  a  physical  port  or  on  an  SVI.  In  Cisco  IOS  Release  12.2(25)SED  or  later,  you 
can  configure  different  interface-level  policy  maps  for  each  class  defined  in  the  VLAN-level  policy  map. 
For  more  information  about  hierarchical  policy  maps,  see  the  "Configuring  QoS"  chapter  in  the  software 
configuration  guide  for  this  release. 

Classification  using  a  port  trust  state  (for  example,  mis  qos  trust  [cos  I  dscp  I  ip-precedence]  and  a 
policy  map  (for  example,  service-policy  input  policy-map-name)  are  mutually  exclusive.  The  last  one 
configured  overwrites  the  previous  configuration. 
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Examples  This  example  shows  how  to  apply  plcmapl  to  an  physical  ingress  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  service-policy  input  plcmapl 

This  example  shows  how  to  remove  plcmapl  from  a  physical  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if ) #  no  service-policy  input  plcmap2 

This  example  shows  how  to  apply  plcmapl  to  an  ingress  SVI  when  VLAN-based  QoS  is  enabled: 

Switch (config) #  interface  vlan  10 

Switch (config-if ) #  service-policy  input  plcmapl 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 


policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple  ports  to 

specify  a  service  policy. 

show  policy-map 

Displays  QoS  policy  maps. 

show  running-config      Displays  the  running  configuration  on  the  switch.  For  syntax  information, 


select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 
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set 

Use  the  set  policy-map  class  configuration  command  to  classify  IP  traffic  by  setting  a  Differentiated 
Services  Code  Point  (DSCP)  or  an  IP-precedence  value  in  the  packet.  Use  the  no  form  of  this  command 
to  remove  traffic  classification. 

set  {dscp  new-dscp  I  [ip]  precedence  new-precedence] 

no  set  {dscp  new-dscp  I  [ip]  precedence  new-precedence) 


Syntax  Description      dscp  new-dscp 


New  DSCP  value  assigned  to  the  classified  traffic.  The  range 
is  0  to  63.  You  also  can  enter  a  mnemonic  name  for  a  commonly 
used  value. 


[ip]  precedence  new -precedence 


New  IP-precedence  value  assigned  to  the  classified  traffic.  The 
range  is  0  to  7.  You  also  can  enter  a  mnemonic  name  for  a 
commonly  used  value. 


Defaults 


No  traffic  classification  is  defined. 


Command  Modes 


Policy-map  class  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  ip  keyword  is  optional. 

Usage  Guidelines       If  you  have  used  the  set  ip  dscp  policy-map  class  configuration  command,  the  switch  changes  this 
command  to  set  dscp  in  the  switch  configuration.  If  you  enter  the  set  ip  dscp  policy-map  class 
configuration  command,  this  setting  appears  as  set  dscp  in  the  switch  configuration. 

You  can  use  the  set  ip  precedence  policy-map  class  configuration  command  or  the  set  precedence 
policy-map  class  configuration  command.  This  setting  appears  as  set  ip  precedence  in  the  switch 
configuration. 

The  set  command  is  mutually  exclusive  with  the  trust  policy-map  class  configuration  command  within 
the  same  policy  map. 

For  the  set  dscp  new-dscp  or  the  set  ip  precedence  new-precedence  command,  you  can  enter  a 
mnemonic  name  for  a  commonly  used  value.  For  example,  you  can  enter  the  set  dscp  afll  command, 
which  is  the  same  as  entering  the  set  dscp  10  command.  You  can  enter  the  set  ip  precedence  critical 
command,  which  is  the  same  as  entering  the  set  ip  precedence  5  command.  For  a  list  of  supported 
mnemonics,  enter  the  set  dscp  ?  or  the  set  ip  precedence  ?  command  to  see  the  command-line  help 
strings. 

To  return  to  policy-map  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode, 
use  the  end  command. 
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Examples  This  example  shows  how  to  assign  DSCP  10  to  all  FTP  traffic  without  any  policers: 

Switch (config) #  policy-map  policy_ftp 
Switch (conf ig-pmap) #  class  ftp_class 
Switch ( conf ig-pmap-c ) #  set  dscp  10 
Switch (conf ig-pmap) #  exit 

You  can  verify  your  settings  by  entering  the  show  policy-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class 

Defines  a  traffic  classification  match  criteria  (through  the  police,  set,  and  trust 

policy-map  class  configuration  commands)  for  the  specified  class-map  name. 

police 

Defines  a  policer  for  classified  traffic. 

policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple  ports  to 

specify  a  service  policy. 

show  policy-map 

Displays  QoS  policy  maps. 

trust 

Defines  a  trust  state  for  traffic  classified  through  the  class  policy-map 

configuration  command  or  the  class-map  global  configuration  command. 
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I  setup 

setup 

Use  the  setup  privileged  EXEC  command  to  configure  the  switch  with  its  initial  configuration, 
setup 

Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Modes        Privileged  EXEC 

Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       When  you  use  the  setup  command,  make  sure  that  you  have  this  information: 

•  IP  address  and  network  mask 

•  Password  strategy  for  your  environment 

•  Whether  the  switch  will  be  used  as  the  cluster  command  switch  and  the  cluster  name 

When  you  enter  the  setup  command,  an  interactive  dialog,  called  the  System  Configuration  Dialog, 
appears.  It  guides  you  through  the  configuration  process  and  prompts  you  for  information.  The  values 
shown  in  brackets  next  to  each  prompt  are  the  default  values  last  set  by  using  either  the  setup  command 
facility  or  the  configure  privileged  EXEC  command. 

Help  text  is  provided  for  each  prompt.  To  access  help  text,  press  the  question  mark  (?)  key  at  a  prompt. 

To  return  to  the  privileged  EXEC  prompt  without  making  changes  and  without  running  through  the  entire 
System  Configuration  Dialog,  press  Ctrl-C. 

When  you  complete  your  changes,  the  setup  program  shows  you  the  configuration  command  script  that 
was  created  during  the  setup  session.  You  can  save  the  configuration  in  NVRAM  or  return  to  the  setup 
program  or  the  command-line  prompt  without  saving  it. 


Examples  This  is  an  example  of  output  from  the  setup  command: 

Switch#  setup 

  System  Configuration  Dialog   

Continue  with  configuration  dialog?    [yes/no] :  yes 

At  any  point  you  may  enter  a  question  mark   '?'    for  help. 
Use  ctrl-c  to  abort  configuration  dialog  at  any  prompt. 
Default  settings  are  in  square  brackets    1  []  1  . 

Basic  management  setup  configures  only  enough  connectivity 
for  management  of  the  system,   extended  setup  will  ask  you 
to  configure  each  interface  on  the  system. 
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Would  you  like  to  enter  basic  management  setup?    [yes/no] :  yes 
Configuring  global  parameters: 

Enter  host  name   [ Switch] : host-name 

The  enable  secret  is  a  password  used  to  protect  access  to 
privileged  EXEC  and  configuration  modes.   This  password,  after 
entered,   becomes  encrypted  in  the  configuration. 
Enter  enable  secret:  enable-secret-password 

The  enable  password  is  used  when  you  do  not  specify  an 

enable  secret  password,  with  some  older  software  versions,  and 

some  boot  images . 

Enter  enable  password:  enahle-password 

The  virtual  terminal  password  is  used  to  protect 
access  to  the  router  over  a  network  interface. 
Enter  virtual  terminal  password:  terminal-password 

Configure  SNMP  Network  Management?    [no] :  yes 
Community  string   [public] : 

Current  interface  summary 

Any  interface  listed  with  OK?  value  "NO"  does  not  have  a  valid  configuration 


Interface 
Vlanl 

GigabitEthernetO/1 
GigabitEthernetO/2 
<output  truncated> 
Port-channell 


IP-Address  OK?  Method  Status 

172.20.135.202     YES  NVRAM  up 


unassigned 
unassigned 

unassigned 


YES  unset  up 
YES  unset  up 

YES  unset  up 


Protocol 
up 


up 

down 


down 


Enter  interface  name  used  to  connect  to  the 

management  network  from  the  above  interface  summary:  vlanl 

Configuring  interface  vlanl : 

Configure  IP  on  this  interface?    [yes] :  yes 

IP  address  for  this  interface:  ip_address 

Subnet  mask  for  this  interface   [255.0.0.0] :  subnet_mask 

Would  you  like  to  enable  as  a  cluster  command  switch?    [yes/no] :  yes 

Enter  cluster  name:  cluster-name 

The  following  configuration  command  script  was  created: 
hostname  host-name 

enable  secret  5  $l$LiBw$0XclwyT . PXPkuhFwqyhVi 0 
enable  password  enable-password 
line  vty  0  15 

password  terminal-password 
snmp-server  community  public 
j 

no  ip  routing 
j 

interface  GigabitEthernetO/1 
no  ip  address 


interface  GigabitEthernetO/2 
no  ip  address 
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cluster  enable  cluster-name 
end 

Use  this  configuration?    [yes/no] :  yes 

[0]   Go  to  the  IOS  command  prompt  without  saving  this  config. 
[1]   Return  back  to  the  setup  without  saving  this  config. 
[2]   Save  this  configuration  to  nvram  and  exit. 
Enter  your  selection  [2]: 


Related  Commands      Command  Description 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management  Commands 
>  Configuration  File  Management  Commands. 

show  version  Displays  version  information  for  the  hardware  and  firmware. 
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setup  express 


Use  the  setup  express  global  configuration  command  to  enable  Express  Setup  mode.  Use  the  no  form 
of  this  command  to  disable  Express  Setup  mode. 

setup  express 

no  setup  express 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Express  Setup  is  enabled. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


X 

Note 


When  Express  Setup  is  enabled  on  a  new  (unconfigured)  switch,  pressing  the  Mode  button  for  2  seconds 
activates  Express  Setup.  You  can  access  the  switch  through  an  Ethernet  port  by  using  the  IP  address 
10.0.0.1  and  then  can  configure  the  switch  with  the  web-based  Express  Setup  program  or  the 
command-line  interface  (CLI)-based  setup  program. 

When  you  press  the  Mode  button  for  2  seconds  on  a  configured  switch,  the  LEDs  above  the  Mode  button 
start  blinking.  If  you  press  the  Mode  button  for  a  total  of  10  seconds,  the  switch  configuration  is  deleted, 
and  the  switch  reboots.  The  switch  can  then  be  configured  like  a  new  switch,  either  through  the 
web-based  Express  Setup  program  or  the  CLI-based  setup  program. 


As  soon  as  you  make  any  change  to  the  switch  configuration  (including  entering  no  at  the  beginning  of 
the  CLI-based  setup  program),  configuration  by  Express  Setup  is  no  longer  available.  You  can  only  run 
Express  Setup  again  by  pressing  the  Mode  button  for  10  seconds.  This  deletes  the  switch  configuration 
and  reboots  the  switch. 


If  Express  Setup  is  active  on  the  switch,  entering  the  write  memory  or  copy  running-configuration 
startup-configuration  privileged  EXEC  commands  deactivates  Express  Setup.  The  IP  address  10.0.0.1 
is  no  longer  valid  on  the  switch,  and  your  connection  using  this  IP  address  ends. 

The  primary  purpose  of  the  no  setup  express  command  is  to  prevent  someone  from  deleting  the  switch 
configuration  by  pressing  the  Mode  button  for  10  seconds. 
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Examples  This  example  shows  how  to  enable  Express  Setup  mode: 

Switch (config) #  setup  express 

You  can  verify  that  Express  Setup  mode  is  enabled  by  pressing  the  Mode  button: 

•  On  an  unconfigured  switch,  the  LEDs  above  the  Mode  button  turn  solid  green  after  3  seconds. 

•  On  a  configured  switch,  the  mode  LEDs  begin  blinking  after  2  seconds  and  turn  solid  green  after  10 
seconds. 


A 


Caution      If  you  hold  the  Mode  button  down  for  a  total  of  10  seconds,  the  configuration  is  deleted,  and  the  switch 
reboots. 

This  example  shows  how  to  disable  Express  Setup  mode: 

Switch ( config) #  no  setup  express 

You  can  verify  that  Express  Setup  mode  is  disabled  by  pressing  the  Mode  button.  The  mode  LEDs  do 
not  turn  solid  green  or  begin  blinking  green  if  Express  Setup  mode  is  not  enabled  on  the  switch. 


Related  Commands      Command  Description 


show  setup  express    Displays  if  Express  Setup  mode  is  active. 
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show  access-lists 

Use  the  show  access-lists  privileged  EXEC  command  to  display  access  control  lists  (ACLs)  configured 
on  the  switch. 

show  access-lists  [name  I  number  I  hardware  counters  I  ipc]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description      name  (Optional)  Name  of  the  ACL. 


number 

(Optional)  ACL  number.  The  range  is  1  to  2699. 

hardware  counters 

(Optional)  Display  global  hardware  ACL  statistics  for  switched  and 
routed  packets. 

ipc 

(Optional)  Display  Interprocess  Communication  (IPC)  protocol 
access-list  configuration  download  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

% 

Note      Though  visible  in  the  command-line  help  strings,  the  rate-limit  keywords  are  not  supported. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        The  switch  supports  only  IP  standard  and  extended  access  lists.  Therefore,  the  allowed  numbers  are  only 
1  to  199  and  1300  to  2699. 

This  command  also  displays  the  MAC  ACLs  that  are  configured. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples  This  is  an  example  of  output  from  the  show  access-lists  command: 

Switch#  show  access-lists 

Standard  IP  access  list  1 
10  permit  1.1.1.1 

2  0  permit  2.2.2.2 

3  0  permit  any 

40  permit  0.255.255.255,  wildcard  bits  12.0.0.0 
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Standard  IP  access  list  videowizard_l-l-l-l 

10  permit  1.1.1.1 
Standard  IP  access  list  videowizard_10-10-10-10 

10  permit  10.10.10.10 
Extended  IP  access  list  121 

10  permit  ahp  host  10.10.10.10  host  20.20.10.10  precedence  routine 
Extended  IP  access  list  CMP -NAT -ACL 

Dynamic  Cluster-HSRP  deny       ip  any  any 

10  deny  ip  any  host  19.19.11.11 

20  deny  ip  any  host  10.11.12.13 

Dynamic  Cluster-NAT  permit  ip  any  any 

10  permit  ip  host  10.99.100.128  any 

20  permit  ip  host  10.46.22.128  any 

30  permit  ip  host  10.45.101.64  any 

40  permit  ip  host  10.45.20.64  any 

50  permit  ip  host  10.213.43.128  any 

60  permit  ip  host  10.91.28.64  any 

70  permit  ip  host  10.99.75.128  any 

80  permit  ip  host  10.38.49.0  any 

This  is  an  example  of  output  from  the  show  access-lists  hardware  counters  command: 

Switch*  show  access-lists  hardware  counters 

L2  ACL  INPUT  Statistics 


Drop : 

All 

frame 

count : 

855 

Drop : 

All 

bytes 

count : 

94143 

Drop  And  Log: 

All 

frame 

count : 

0 

Drop  And  Log: 

All 

bytes 

count : 

0 

Bridge  Only: 

All 

frame 

count : 

0 

Bridge  Only: 

All 

bytes 

count : 

0 

Bridge  Only  And  Log: 

All 

frame 

count : 

0 

Bridge  Only  And  Log: 

All 

bytes 

count : 

0 

Forwarding  To  CPU : 

All 

frame 

count : 

0 

Forwarding  To  CPU: 

All 

bytes 

count : 

0 

Forwarded : 

All 

frame 

count : 

2121 

Forwarded : 

All 

bytes 

count : 

180762 

Forwarded  And  Log : 

All 

frame 

count : 

0 

Forwarded  And  Log : 

All 

bytes 

count : 

0 

L3  ACL  INPUT  Statistics 


Drop : 

All 

frame 

count : 

0 

Drop : 

All 

bytes 

count : 

0 

Drop  And  Log : 

All 

frame 

count : 

0 

Drop  And  Log: 

All 

bytes 

count : 

0 

Bridge  Only: 

All 

frame 

count : 

0 

Bridge  Only: 

All 

bytes 

count : 

0 

Bridge  Only  And  Log: 

All 

frame 

count : 

0 

Bridge  Only  And  Log: 

All 

bytes 

count : 

0 

Forwarding  To  CPU: 

All 

frame 

count : 

0 

Forwarding  To  CPU: 

All 

bytes 

count : 

0 

Forwarded: 

All 

frame 

count : 

13586 

Forwarded: 

All 

bytes 

count : 

1236182 

Forwarded  And  Log : 

All 

frame 

count : 

0 

Forwarded  And  Log : 

All 

bytes 

count : 

0 

L2  ACL  OUTPUT  Statistics 


Drop : 

All 

frame 

count : 

0 

Drop : 

All 

bytes 

count : 

0 

Drop  And  Log : 

All 

frame 

count : 

0 

Drop  And  Log : 

All 

bytes 

count : 

0 

Bridge  Only: 

All 

frame 

count : 

0 

Bridge  Only: 

All 

bytes 

count : 

0 

Bridge  Only  And 

Log: 

All 

frame 

count : 

0 

Bridge  Only  And 

Log: 

All 

bytes 

count : 

0 
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Forwarding  To  CPU: 

All 

frame 

count : 

0 

Forwarding  To  CPU: 

All 

bytes 

count : 

0 

Forwarded : 

All 

frame 

count : 

232983 

Forwarded : 

All 

bytes 

count : 

16825661 

Forwarded  And  Log: 

All 

frame 

count : 

0 

Forwarded  And  Log: 

All 

bytes 

count : 

0 

\CL  OUTPUT  Statistics 

Drop : 

All 

frame 

count : 

0 

Drop : 

All 

bytes 

count : 

0 

Drop  And  Log: 

All 

frame 

count : 

0 

Drop  And  Log: 

All 

bytes 

count : 

0 

Bridge  Only: 

All 

frame 

count : 

0 

Bridge  Only: 

All 

bytes 

count : 

0 

Bridge  Only  And  Log: 

All 

frame 

count : 

0 

Bridge  Only  And  Log: 

All 

bytes 

count : 

0 

Forwarding  To  CPU: 

All 

frame 

count : 

0 

Forwarding  To  CPU: 

All 

bytes 

count : 

0 

Forwarded : 

All 

frame 

count : 

514434 

Forwarded : 

All 

bytes 

count : 

39048748 

Forwarded  And  Log: 

All 

frame 

count : 

0 

Forwarded  And  Log: 

All 

bytes 

count : 

0 

Related  Commands 


Command 

access-list 


ip  access  list 


mac  access-list  extended 


Description 

Configures  a  standard  or  extended  numbered  access  list  on  the  switch. 
For  syntax  information,  select  Cisco  IOS  IP  Command  Reference, 
Volume  1  of  3:Addressing  and  Services,  Release  12.2  >  IP  Services 
Commands. 

Configures  a  named  IP  access  list  on  the  switch.  For  syntax 
information,  select  Cisco  IOS  IP  Command  Reference,  Volume  1  of 
3:Addressing  and  Services,  Release  12.2  >  IP  Services  Commands. 

Configures  a  named  or  numbered  MAC  access  list  on  the  switch. 
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show  archive  status 


Syntax  Description 


Use  the  show  archive  status  privileged  EXEC  command  to  display  the  status  of  a  new  image  being 
downloaded  to  a  switch  with  the  HTTP  or  the  TFTP  protocol. 

show  archive  status  [  I  { begin  I  exclude  I  include }  expression] 


I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 

I  exclude  (Optional)  Display  excludes  lines  that  match  the  expression. 

I  include  (Optional)  Display  includes  lines  that  match  the  specified  expression, 

expression  Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  you  use  the  archive  download-sw  privileged  EXEC  command  to  download  an  image  to  a  TFTP  server, 
the  output  of  the  archive  download-sw  command  shows  the  status  of  the  download. 

If  you  do  not  have  a  TFTP  server,  you  can  use  the  embedded  device  manager  to  download  the  image  by 
using  HTTP.  The  show  archive  status  command  shows  the  progress  of  the  download. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


These  are  examples  of  output  from  the  show  archive  status  command: 

Switch#  show  archive  status 

IDLE:  No  upgrade  in  progress 

Switch#  show  archive  status 

LOADING:  Upgrade  in  progress 

Switch#  show  archive  status 

EXTRACT:   Extracting  the  image 

Switch#  show  archive  status 

VERIFY:  Verifying  software 

Switch#  show  archive  status 

RELOAD:  Upgrade  completed.  Reload  pending 


Related  Commands 


Command 

archive  download-sw 


Description 

Downloads  a  new  image  from  a  TFTP  server  to  the  switch. 
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show  auto  qos  I 


show  auto  qos 

Use  the  show  auto  qos  user  EXEC  command  to  display  the  quality  of  service  (QoS)  commands  entered 
on  the  interfaces  on  which  automatic  QoS  (auto-QoS)  is  enabled. 

show  auto  qos  [interface  [interface-id]] 


Syntax  Description      interface  [interface-id]  (Optional)  Display  auto-QoS  information  for  the  specified  port  or 

for  all  ports.  Valid  interfaces  include  physical  ports. 


Command  Modes        User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  show  auto  qos  command  output  shows  only  the  auto-QoS  command  entered  on  each  interface.  The 
show  auto  qos  interface  interface-id  command  output  shows  the  auto-QoS  command  entered  on  a 
specific  interface. 

Use  the  show  running-config  privileged  EXEC  command  to  display  the  auto-QoS  configuration  and  the 
user  modifications. 

To  display  information  about  the  QoS  configuration  that  might  be  affected  by  auto-QoS,  use  one  of  these 
commands: 

•  show  mis  qos 

•  show  mis  qos  maps  cos-dscp 

•  show  mis  qos  interface  [interface-id]  [buffers  I  queueing] 

•  show  mis  qos  maps  [cos-dscp  I  cos-input-q  I  cos-output-q  I  dscp-cos  I  dscp-input-q  I 
dscp-output-q] 

•  show  mis  qos  input-queue 

•  show  running-config 


Examples  This  is  an  example  of  output  from  the  show  auto  qos  command  after  the  auto  qos  voip  cisco-phone  and 

the  auto  qos  voip  cisco-softphone  interface  configuration  commands  are  entered: 

Switch>  show  auto  qos 

GigabitEthernetO/4 

auto  qos  voip  cisco-softphone 

GigabitEthernetO/5 

auto  qos  voip  cisco-phone 

GigabitEthernetO/6 

auto  qos  voip  cisco-phone 
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This  is  an  example  of  output  from  the  show  auto  qos  interface  interface-id  command  when 
the  auto  qos  voip  cisco-phone  interface  configuration  command  is  entered: 

Switch>  show  auto  qos  interface  gigabitethernet  0/5 

GigabitEthernetO/5 

auto  qos  voip  cisco-phone 

This  is  an  example  of  output  from  the  show  running-config  privileged  EXEC  command  when  the  auto 
qos  voip  cisco-phone  and  the  auto  qos  voip  cisco-softphone  interface  configuration  commands  are 
entered: 

Switch#  show  running-config 

Building  configuration. . . 


mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 
mis 


qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 
qos 


map  policed-dscp     24  26  46  to  0 
map  cos-dscp  0   8   16  26  32   46  48 
srr-queue  input  bandwidth  90  10 
srr-queue  input  threshold  1  8  16 
srr-queue  input  threshold  2  34  6 
srr-queue  input  buffers  67  33 
srr-queue  input  cos -map  queue  1 
srr-queue  input  cos-map  queue  1 
srr-queue  input  cos-map  queue  2 
srr-queue  input  cos-map  queue  2 
srr-queue  input  cos-map  queue  2 
srr-queue  input  dscp-map  queue  1 
srr-queue  input  dscp-map  queue  1 
srr-queue  input  dscp-map  queue  1 
srr-queue  input  dscp-map  queue  2 
srr-queue  input  dscp-map  queue  2 
srr-queue  input  dscp-map  queue  2 
srr-queue  input  dscp-map  queue  2 
srr-queue  input  dscp-map  queue  2 
srr-queue  input  dscp-map  queue  2 
srr-queue  output  cos-map  queue  1 
srr-queue  output  cos -map  queue  2 
srr-queue  output  cos -map  queue  3 
srr-queue  output  cos -map  queue  4 
srr-queue  output  cos -map  queue  4 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
srr-queue  output  dscp-map  queue 
queue-set  output  1  threshold  1  1 
queue-set  output  1 


56 


threshold  2 
threshold  3 
threshold  1 
threshold  2 
threshold  3 
threshold  2 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
1  threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 


1 
0 
2 

4   6  7 

3  5 
9  10  ] 
0  12 
32 

16  17 
33  34 
49  50 
57  58 
24  25 
40  41 
5 

3   6  7 
2  4 
1 
0 


1  12   13   14  15 

3   4  5   6  7 


18  19  20  21  22  23 


35  36  37  38  39 


52  53  54  55 
60   61   62  63 


48 
56 


51 
59 

26  27  28  29   30  31 


42   43   44  45  46  47 


queue-set  output  1 
queue-set  output  1 
queue-set  output  2 
queue-set  output  2 
queue-set  output  2 
queue-set  output  2 
queue-set  output  1 
queue-set  output  2 


threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
threshold 
buffers  15  20 
buffers  24  20 


3 
3 
3 
3 
3 
3 
1 
2 
3 

00  100  100  10C 
5  75  75  250 
5  150  100  300 
0  100  75  400 
00  100  100  10C 
5  35  35  35 
5   82   100  182 
0  250  100  400 

20  45 

26  30 


40  41 

24  25 

48  49 

56  57 

16  17 

32  33 


42   43   44  45  46  47 


26  27  28  29  30 


50 
58 
18 


31 
55 


51  52   53  54 
59   60   61   62  63 
19  20  21  22  23 


34  35  36  37  38  39 


9  10  11  12  13  14  15 
01234567 


class-map  match-all  AutoQoS-VoIP-RTP-Trust 

match  ip  dscp  ef 
class-map  match-all  AutoQoS-VoIP-Control-Trust 
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show  auto  qos  I 


match  ip  dscp  cs3  af31 

j 

policy-map  AutoQoS-Police-Sof t Phone 
class  AutoQoS-VoIP-RTP-Trust 
set  dscp  ef 

police  320000  8000  exceed-action  policed-dscp-transmit 
class  AutoQoS-VoIP-Control-Trust 
set  dscp  cs3 

police  32000  8000  exceed-action  policed-dscp-transmit 


interface  GigabitEthernet0/4 
switchport  mode  access 
switchport  port-security  maximum  400 
service-policy  input  AutoQoS-Police-Sof tPhone 
speed  100 
duplex  half 

srr-queue  bandwidth  share  10  10  60  20 
srr-queue  bandwidth  shape     10     0     0  0 
auto  qos  voip  cisco-sof tphone 

i 

interface  GigabitEthernetO/5 
switchport  mode  access 
switchport  port-security  maximum  1999 
speed  100 
duplex  full 

srr-queue  bandwidth  share  10  10  60  20 

srr-queue  bandwidth  shape     10     0     0  0 

mis  qos  trust  device  cisco-phone 

mis  qos  trust  cos 

auto  qos  voip  cisco-phone 

j 

interface  GigabitEthernetO/6 
switchport  trunk  encapsulation  dotlq 
switchport  trunk  native  vlan  2 
switchport  mode  access 
speed  10 

srr-queue  bandwidth  share  10  10  60  20 

srr-queue  bandwidth  shape     10     0     0  0 

mis  qos  trust  device  cisco-phone 

mis  qos  trust  cos 

auto  qos  voip  cisco-phone 


<output  truncated> 

This  is  an  example  of  output  from  the  show  auto  qos  interface  interface-id  command  when  the  auto 
qos  voip  cisco-phone  interface  configuration  command  is  entered: 

Switch>  show  auto  qos  interface  f astethernetO/2 
FastethernetO/2  auto  qos  voip  cisco-sof tphone 

These  are  examples  of  output  from  the  show  auto  qos  command  when  auto-QoS  is  disabled  on  the 
switch: 

Switch>  show  auto  qos 

AutoQoS  not  enabled  on  any  interface 

These  are  examples  of  output  from  the  show  auto  qos  interface  interface-id  command  when  auto-QoS 
is  disabled  on  an  interface: 

Switch>  show  auto  qos  interface  gigabitethernetO/1 

AutoQoS  is  disabled 
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Related  Commands 


Command 

Description 

auto  qos  voip 

Automatically  configures  QoS  for  VoIP  within  a  QoS  domain. 

debug  auto  qos 

Enables  debugging  of  the  auto-QoS  feature. 
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show  boot 


Use  the  show  boot  privileged  EXEC  command  to  display  the  settings  of  the  boot  environment  variables, 
show  boot  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


Table  2-15 


This  is  an  example  of  output  from  the  show  boot  command.  Table  2-15  describes  each  field  in  the 
display. 


Switch#  show  boot 
BOOT  path-list 
Config  file 
Private  Config  file 
Enable  Break 
Manual  Boot 
HELPER  path-list 
Auto  upgrade 

show  boot  Field  Descriptions 


flash: cgesm-i612-mz . 122-25 . SEl/cgesm-i612-mz . 122-25 . SE1 .bin 
flash : /config . text 
flash: /private-conf ig . text 
yes 
no 


yes 


Field 

Description 

BOOT  path-list 

Displays  a  semicolon  separated  list  of  executable  files  to  try  to  load  and  execute  when 
automatically  booting  up. 

If  the  BOOT  environment  variable  is  not  set,  the  system  attempts  to  load  and  execute 
the  first  executable  image  it  can  find  by  using  a  recursive,  depth-first  search  through  the 
flash  file  system.  In  a  depth-first  search  of  a  directory,  each  encountered  subdirectory 
is  completely  searched  before  continuing  the  search  in  the  original  directory. 

If  the  BOOT  variable  is  set  but  the  specified  images  cannot  be  loaded,  the  system 
attempts  to  boot  the  first  bootable  file  that  it  can  find  in  the  flash  file  system. 

Config  file 

Displays  the  filename  that  Cisco  IOS  uses  to  read  and  write  a  nonvolatile  copy  of  the 
system  configuration. 
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Table  2-15         show  boot  Field  Descriptions 


Field 

Description 

Private  Config  file 

Displays  the  filename  that  Cisco  IOS  uses  to  read  and  write  a  nonvolatile  copy  of  the 
system  configuration. 

Enable  Break 

Displays  whether  a  break  during  booting  up  is  enabled  or  disabled.  If  it  is  set  to  yes,  on, 
or  1,  you  can  interrupt  the  automatic  bootup  process  by  pressing  the  Break  key  on  the 
console  after  the  flash  file  system  is  initialized. 

Manual  Boot 

Displays  whether  the  switch  automatically  or  manually  boots  up.  If  it  is  set  to  no  or  0, 
the  bootloader  attempts  to  automatically  boot  up  the  system.  If  it  is  set  to  anything  else, 
you  must  manually  boot  up  the  switch  from  the  bootloader  mode. 

Helper  path-list 

Displays  a  semicolon  separated  list  of  loadable  files  to  dynamically  load  during  the 
bootloader  initialization.  Helper  files  extend  or  patch  the  functionality  of  the 
bootloader. 

NVRAM/Config  file  buffer  size 

Displays  the  buffer  size  that  Cisco  IOS  uses  to  hold  a  copy  of  the  configuration  file  in 
memory.  The  configuration  file  cannot  be  larger  than  the  buffer  size  allocation. 

Related  Commands      Command  Description 


boot  config-file 

Specifies  the  filename  that  Cisco  IOS  uses  to  read  and  write  a  nonvolatile 

copy  of  the  system  configuration. 

boot  enable-break 

Enables  interrupting  the  automatic  bootup  process. 

boot  manual 

Enables  manually  booting  up  the  switch  during  the  next  bootup  cycle. 

boot 

Specifies  the  filename  that  Cisco  IOS  uses  to  read  and  write  a  nonvolatile 

private-config-file 

copy  of  the  private  configuration. 

boot  system 

Specifies  the  Cisco  IOS  image  to  load  during  the  next  bootup  cycle. 
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show  cable-diagnostics  tdr 


Use  the  show  cable-diagnostics  tdr  privileged  EXEC  command  to  display  the  Time  Domain  Reflector 
(TDR)  results. 

show  cable-diagnostics  tdr  interface  interface-id  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


interface-id 

Specify  the  interface  on  which  TDR  was  run. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


TDR  is  supported  only  on  10/100/1000  copper  Ethernet  ports.  It  is  not  supported  on  SFP  module  ports. 
For  more  information  about  TDR,  see  the  software  configuration  guide  for  this  release. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  cable-diagnostics  tdr  interface  interface-id  command: 


Switch#  show  cable-diagnostics  tdr  interface  gigabitethernetO/2 

TDR  test  last  run  on:   March  01  20:15:40 

Interface  Speed  Local  pair  Pair  length  Remote  pair  Pair  status 


GiO/2 


auto     Pair  A 

Pair  B 
Pair  C 
Pair  D 


0  +/-  2  meters  N/A 

0  +/-  2  meters  N/A 

0  +/-  2  meters  N/A 

0  +/-  2  meters  N/A 


Open 

Open 
Open 
Open 


Table  2-16  lists  the  descriptions  of  the  fields  in  the  show  cable-diagnostics  tdr  command  output. 
Table  2-16        Fields  Descriptions  for  the  show  cable-diagnostics  tdr  Command  Output 


Field 

Description 

Interface 

Interface  on  which  TDR  was  run. 

Speed 

Speed  of  connection. 

Local  pair 

Name  of  the  pair  of  wires  that  TDR  is  testing  on  the  local  interface. 
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Table  2-16         Fields  Descriptions  for  the  show  cable-diagnostics  tdr  Command  Output  (continued) 


Fiplri 

flpQpr  intinn 

UCoUl  IULIUII 

Pair  length 

Location  on  the  cable  where  the  problem  is,  with  respect  to  your  switch.  TDR  can 

nnlv  "FinH  tVip  Inflation  in  onp  of  tViPQp  pjiqpc" 

Ulll  y   1111U  L11C  lUUdLlVJll  111  VJ11C  Ul   L 1 1 L  SC  LdoCd. 

•  The  cable  is  properly  connected,  the  link  is  up,  and  the  interface  speed  is 
1000  Mb/s. 

•  The  cable  is  open. 

•  The  cable  has  a  short. 

Remote  pair 

Name  of  the  pair  of  wires  to  which  the  local  pair  is  connected.  TDR  can  learn  about 
the  remote  pair  only  when  the  cable  is  properly  connected  and  the  link  is  up. 

Pair  status 

The  status  of  the  pair  of  wires  on  which  TDR  is  running: 

•  Normal — The  pair  of  wires  is  properly  connected. 

•  Not  completed — The  test  is  running  and  is  not  completed. 

•  Not  supported — The  interface  does  not  support  TDR. 

•  Open — The  pair  of  wires  is  open. 

•  Shorted — The  pair  of  wires  is  shorted. 

This  is  an  example  of  output  from  the  show  interface  interface-id  command  when  TDR  is  running: 

Switch#  show  interface  gigabitethernetO/2 

gigabitethernetO/22  is  up,    line  protocol  is  up   (connected:  TDR  in  Progress) 

This  is  an  example  of  output  from  the  show  cable-diagnostics  tdr  interface  interface-id  command  when 
TDR  is  not  running: 

Switch#  show  cable-diagnostics  tdr  interface  gigabitethernetO/2 

%  TDR  test  was  never  issued  on  Gi0/22 

If  an  interface  does  not  support  TDR,  this  message  appears: 

%  TDR  test  is  not  supported  on  switch  1 


Related  Commands      Command  Description 

test  cable-diagnostics  tdr        Enables  and  runs  TDR  on  an  interface. 
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show  class-map  H 


show  class-map 


Use  the  show  class-map  user  EXEC  command  to  display  quality  of  service  (QoS)  class  maps,  which 
define  the  match  criteria  to  classify  traffic. 

show  class-map  [class-map-name]  [  I  {begin  I  exclude  I  include)  expression] 


Syntax  Description 


class-map-name 

(Optional)  Display  the  contents  of  the  specified  class  map. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  from  the  show  class-map  command: 

Switch>  show  class-map 

Class  Map  match-all  videowizard_10-10-10-10    (id  2) 
Match  access-group  name  videowizard_10-10-10-10 

Class  Map  match-any  class-default   (id  0) 

Match  any 
Class  Map  match-all  dscp5    (id  3) 

Match  ip  dscp  5 


Related  Commands 


Command 

class-map 


Description 

Creates  a  class  map  to  be  used  for  matching  packets  to  the  class 
whose  name  you  specify. 


match  (class-map  configuration)      Defines  the  match  criteria  to  classify  traffic. 
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show  cluster 


Use  the  show  cluster  user  EXEC  command  to  display  the  cluster  status  and  a  summary  of  the  cluster  to 
which  the  switch  belongs.  This  command  can  be  entered  on  the  cluster  command  switch  and  cluster 
member  switches. 

show  cluster  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


If  you  enter  this  command  on  a  switch  that  is  not  a  cluster  member,  the  error  message  Not  a  management 

cluster  member  appears. 

On  a  cluster  member  switch,  this  command  displays  the  identity  of  the  cluster  command  switch,  the 
switch  member  number,  and  the  state  of  its  connectivity  with  the  cluster  command  switch. 

On  a  cluster  command  switch  stack  or  cluster  command  switch,  this  command  displays  the  cluster  name 
and  the  total  number  of  members.  It  also  shows  the  cluster  status  and  time  since  the  status  changed.  If 
redundancy  is  enabled,  it  displays  the  primary  and  secondary  command-switch  information. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  when  the  show  cluster  command  is  entered  on  the  active  cluster  command 
switch: 


Switch>  show  cluster 

Command  switch  for  cluster  "Ajang" 
Total  number  of  members: 
Status : 

Time  since  last  status  change: 

Redundancy : 

Standby  command  switch: 
Standby  Group: 
Standby  Group  Number: 

Heartbeat  interval : 

Heartbeat  hold-time: 

Extended  discovery  hop  count: 


7 

1  members  are  unreachable 

0  days ,    0  hours ,    2  minutes 

Enabled 

Member  1 

Aj  ang_standby 

110 
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show  cluster  M 


This  is  an  example  of  output  when  the  show  cluster  command  is  entered  on  a  cluster  member  switch: 

Switchl>  show  cluster 

Member  switch  for  cluster  "hapuna" 

Member  number :  3 

Management  IP  address:  192.192.192.192 

Command  switch  mac  address:  0000 . 0c07 . acl4 

Heartbeat  interval :  8 

Heartbeat  hold-time:  80 

This  is  an  example  of  output  when  the  show  cluster  command  is  entered  on  a  cluster  member  switch 
that  is  configured  as  the  standby  cluster  command  switch: 

Switch>  show  cluster 

Member  switch  for  cluster  "hapuna" 

Member  number:  3    (Standby  command  switch) 

Management  IP  address:  192.192.192.192 

Command  switch  mac  address:  0000 . 0c07 . acl4 

Heartbeat  interval :  8 

Heartbeat  hold-time:  80 

This  is  an  example  of  output  when  the  show  cluster  command  is  entered  on  the  cluster  command  switch 
that  has  lost  connectivity  with  member  1: 

Switch>  show  cluster 

Command  switch  for  cluster  "Ajang" 

Total  number  of  members:  7 

Status :  1  members  are  unreachable 

Time  since  last  status  change:  0  days,    0  hours,    5  minutes 

Redundancy:  Disabled 

Heartbeat  interval :  8 

Heartbeat  hold-time:  80 

Extended  discovery  hop  count:  3 

This  is  an  example  of  output  when  the  show  cluster  command  is  entered  on  a  cluster  member  switch 
that  has  lost  connectivity  with  the  cluster  command  switch: 

Switch>  show  cluster 

Member  switch  for  cluster  "hapuna" 

Member  number :  <UNKNOWN> 

Management  IP  address:  192.192.192.192 

Command  switch  mac  address:  0000 . 0c07 . acl4 

Heartbeat  interval :  8 

Heartbeat  hold-time:  80 


Related  Commands      Command  Description 


cluster  enable 

Enables  a  command-capable  switch  as  the  cluster  command  switch, 

assigns  a  cluster  name,  and  optionally  assigns  a  member  number  to  it. 

show  cluster  candidates 

Displays  a  list  of  candidate  switches. 

show  cluster  members 

Displays  information  about  the  cluster  members. 
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show  cluster  candidates 

Use  the  show  cluster  candidates  privileged  EXEC  command  to  display  a  list  of  candidate  switches, 
show  cluster  candidates  [detail  I  mac-address  H.H.H.]  [  I  {begin  I  exclude  I  include}  expression] 

Syntax  Description      detail  (Optional)  Display  detailed  information  for  all  candidates. 


mac-address  H.H.H. 

(Optional)  MAC  address  of  the  cluster  candidate. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       This  command  is  available  only  on  the  cluster  command  switch. 

If  the  switch  is  not  a  cluster  command  switch,  the  command  displays  an  empty  line  at  the  prompt. 

The  SN  in  the  display  means  switch  member  number.  If  E  appears  in  the  SN  column,  it  means  that  the 
switch  is  discovered  through  extended  discovery.  If  E  does  not  appear  in  the  SN  column,  it  means  that 
the  switch  member  number  is  the  upstream  neighbor  of  the  candidate  switch.  The  hop  count  is  the 
number  of  devices  the  candidate  is  from  the  cluster  command  switch. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples  This  is  an  example  of  output  from  the  show  cluster  candidates  command: 

Switch>  show  cluster  candidates 

|  Upstream  | 


MAC  Address 

Name 

Device  Type 

Portlf 

FEC 

Hops 

SN 

Portlf 

OOdO 

.7961. 

,c4c0 

StLouis-2 

WS-cgesm-12T 

Gi0/1 

2 

1 

FaO/11 

OOdO 

,bbf5. 

,e900 

ldf-dist-128 

WS-C3524-XL 

Fa0/7 

1 

0 

Fa0/24 

OOeO 

.Ie7e 

.be80 

1900_Switch 

1900 

3 

0 

1 

0 

FaO/11 

OOeO 

.le9f 

.7a00 

Surfers-24 

WS-C2924-XL 

Fa0/5 

1 

0 

FaO/3 

OOeO 

.le9f 

.8c00 

Surfers-12-2 

WS-C2912-XL 

Fa0/4 

1 

0 

Fa0/7 

OOeO 

.le9f . 

.8c40 

Surfers-12-1 

WS-C2912-XL 

Fa0/1 

1 

0 

FaO/9 

This  is  an  example  of  output  from  the  show  cluster  candidates  command  that  uses  the  MAC  address  of 
a  cluster  member  switch  directly  connected  to  the  cluster  command  switch: 

Switch>  show  cluster  candidates  mac-address  OOdO . 7961 . c4c0 

Device   'Tahiti-12'  with  mac  address  number  OOdO . 79 61 . c4c0 
Device  type:  cisco  WS-cgesm-12T 
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show  cluster  candidates  B 


Upstream  MAC  address:       OOdO . 796d. 2f 00    (Cluster  Member  0) 
Local  port:  G16/0/1       FEC  number: 

Upstream  port:  GI6/0/11     FEC  Number: 

Hops  from  cluster  edge:  1 

Hops  from  command  device:  1 

This  is  an  example  of  output  from  the  show  cluster  candidates  command  that  uses  the  MAC  address  of 
a  cluster  member  switch  three  hops  from  the  cluster  edge: 

Switch;-  show  cluster  candidates  mac-address  0010  . 7bb6 .  lccO 

Device   'Ventura'  with  mac  address  number  0010 . 7bb6 . lccO 
Device  type:  Cisco  WS-C2912MF-XL 

Upstream  MAC  address:       0010 . 7bb6 . Icd4 
Local  port:  Fa2/1       FEC  number: 

Upstream  port:  FaO/24     FEC  Number: 

Hops  from  cluster  edge:  3 
Hops  from  command  device:  - 

This  is  an  example  of  output  from  the  show  cluster  candidates  detail  command: 

Switch>  show  cluster  candidates  detail 

Device   'Tahiti-12 '  with  mac  address  number  OOdO . 7961 . c4c0 
Device  type:  Cisco  WS-C3512-XL 

Upstream  MAC  address:       OOdO . 796d. 2f 00    (Cluster  Member  1) 
Local  port:  FaO/3       FEC  number: 

Upstream  port:  FaO/13     FEC  Number: 

Hops  from  cluster  edge:  1 
Hops  from  command  device:  2 
Device   ' 1900_Switch '  with  mac  address  number  00e0.le7e.be80 
Device  type:  cisco  1900 

Upstream  MAC  address:       OOdO . 796d. 2f 00    (Cluster  Member  2) 
Local  port:  3  FEC  number:  0 

Upstream  port:  Fa0/ll     FEC  Number: 

Hops  from  cluster  edge:  1 
Hops  from  command  device:  2 
Device   'Surfers-24'  with  mac  address  number  00e0.le9f.7a00 
Device  type:  cisco  WS-C2924-XL 

Upstream  MAC  address:       OOdO . 796d. 2f 00    (Cluster  Member  3) 
Local  port:  Fa0/5       FEC  number: 

Upstream  port:  FaO/3       FEC  Number: 

Hops  from  cluster  edge:  1 
Hops  from  command  device:  2 


Related  Commands      Command  Description 


show  cluster 

Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the 

switch  belongs. 

show  cluster  members 

Displays  information  about  the  cluster  members. 
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show  cluster  members 

Use  the  show  cluster  members  privileged  EXEC  command  to  display  information  about  the  cluster 
members. 

show  cluster  members  [n  I  detail]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description       n  (Optional)  Number  that  identifies  a  cluster  member.  The  range  is  0  to  15. 


detail 

(Optional)  Display  detailed  information  for  all  cluster  members. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       This  command  is  available  only  on  the  cluster  command  switch. 

If  the  cluster  has  no  members,  this  command  displays  an  empty  line  at  the  prompt. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples  This  is  an  example  of  output  from  the  show  cluster  members  command.  The  SN  in  the  display  means 

switch  number. 

Switch#  show  cluster  members 


1  — 

-Upstream  

1 

SN 

MAC  Address 

Name 

Portlf 

FEC 

Hops 

SN 

Portlf  FEC 

State 

0 

0002.4b29.2e00 

StLouisl 

0 

Up  (i 

1 

0030. 946c. d740 

tal-switch-1 

FaO/13 

1 

0 

Gi0/1 

Up 

2 

0002 .b922 .7180 

nms-2820 

10 

0 

2 

1 

FaO/18 

Up 

3 

0002. 4b29. 4400 

SanJuan2 

Gi0/1 

2 

1 

Fa0/ll 

Up 

4 

0002.4b28.c480 

GenieTest 

GiO/2 

2 

1 

FaO/9 

Up 

This  is  an  example  of  output  from  the  show  cluster  members  for  cluster  member  3: 

Switch#  show  cluster  members  3 

Device   ' SanJuan2 '  with  member  number  3 

Device  type:  cisco  WS-cgesm 

MAC  address:  0002 . 4b29 . 4400 

Upstream  MAC  address:       003 0 . 946c . d740    (Cluster  member  1) 
Local  port:  Gi0/1       FEC  number: 

Upstream  port:  GiO/11     FEC  Number: 

Hops  from  command  device:  2 
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show  cluster  members  U 


This  is  an  example  of  output  from  the  show  cluster  members  detail  command: 

Switch#  show  cluster  members  detail 

Device   ' StLouisl'  with  member  number  0    (Command  Switch) 
Device  type:  cisco  WS-cgesm 

MAC  address:  0002 . 4b29 . 2e00 

Upstream  MAC  address : 

Local  port:  FEC  number: 

Upstream  port:  FEC  Number: 

Hops  from  command  device:  0 
Device   ' tal-switch-14 '  with  member  number  1 

Device  type:  cisco  WS-C3548-XL 

MAC  address:  0030 . 946c . d740 

Upstream  MAC  address:       0002 . 4b29 . 2e00    (Cluster  member  0) 
Local  port:  FaO/13     FEC  number: 

Upstream  port:  Gi0/1       FEC  Number: 

Hops  from  command  device:  1 
Device   'nms-2820'  with  member  number  2 

Device  type:  cisco  2820 

MAC  address:  0002 .b922 . 7180 

Upstream  MAC  address:       0030 . 946c . d740    (Cluster  member  1) 
Local  port:  10  FEC  number:  0 

Upstream  port:  FaO/18     FEC  Number: 

Hops  from  command  device:  2 
Device   ' SanJuan2 '  with  member  number  3 

Device  type:  cisco  WS-cgesm 

MAC  address:  0002 . 4b29 . 4400 

Upstream  MAC  address:       0030 . 946c . d740    (Cluster  member  1) 
Local  port:  Gi0/1       FEC  number: 

Upstream  port:  Fa0/ll     FEC  Number: 

Hops  from  command  device:  2 
Device   'GenieTest'  with  member  number  4 

Device  type:  cisco  SeaHorse 

MAC  address:  0002 . 4b28 . c480 

Upstream  MAC  address:       0030 . 946c . d740    (Cluster  member  1) 
Local  port:  GiO/2       FEC  number: 

Upstream  port:  FaO/9       FEC  Number: 

Hops  from  command  device:  2 
Device   'Palpatine'  with  member  number  5 

Device  type:  cisco  WS-C2924M-XL 

MAC  address:  OObO . 6404 . f 8c0 

Upstream  MAC  address:       0002 . 4b29 . 2e00    (Cluster  member  0) 
Local  port:  Gi2/1       FEC  number: 

Upstream  port:  GiO/7       FEC  Number: 

Hops  from  command  device:  1 


Related  Commands      Command  Description 


show  cluster 

Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the 

switch  belongs. 

show  cluster  candidates 

Displays  a  list  of  candidate  switches. 
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show  controllers  cpu-interface 


Use  the  show  controllers  cpu-interface  privileged  EXEC  command  to  display  the  state  of  the  CPU 
network  interface  ASIC  and  the  send  and  receive  statistics  for  packets  reaching  the  CPU. 

show  controllers  cpu-interface  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


This  display  provides  information  that  might  be  useful  for  Cisco  technical  support  representatives 
troubleshooting  the  switch. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  a  partial  output  example  from  the  show  controllers  cpu-interface  command: 


Switch*  show  controllers  cpu-interface 

cpu-queue- frames    retrieved  dropped 


invalid 


rpc  4523063  0 

stp  1545035  0 

ipc  1903047  0 

routing  protocol     96145  0 

L2  protocol  79596  0 

remote  console  0  0 

sw  forwarding  5756  0 

host  225646  0 

broadcast  46472  0 

cbt-to-spt  0  0 

igmp  snooping  68411  0 

icmp  0  0 

logging  0  0 

rpf-fail  0  0 

gueuel4  0  0 

cpu  heartbeat  1710501  0 


hol-block 


Supervisor  ASIC  receive-queue  parameters 


queue  0  maxrecevsize  5EE  pakhead  1419A20  paktail  13EAED4 
queue  1  maxrecevsize  5EE  pakhead  15828E0  paktail  157FBFC 
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show  controllers  cpu-interface  M 


queue  2  maxrecevsize  5EE  pakhead  1470D40  paktail  1470FE4 
queue  3  maxrecevsize  5EE  pakhead  19CDDD0  paktail  19D02C8 


<output  truncated> 
Supervisor  ASIC  Mic  Registers 


MicDirectPollInf o 
MicIndicationsReceived 
MicInterruptsReceived 
MicPcsInf o 

MicPlbMasterConf iguration 
MicRxFif osAvailable 
MicRxFif osReady 
MicTimeOutPeriod: 


80000800 
00000000 
00000000 
0001001F 
00000000 
00000000 
0000BFFF 
FrameTOPeriod:  00000EA6 


DirectTOPeriod:  00004000 


<output  truncated> 


MicTransmitFif olnf o : 
Fif  oO 


Fif ol : 


Fif o2 : 


Fif o3 : 


Fif o4 : 


Fif o5 : 


Fif 06 : 


StartPtrs : 

038C2800 

ReadPtr : 

038C2C38 

WritePtrs : 

038C2C38 

Fif o_Flag : 

8A800800 

Weights : 

001E001E 

StartPtr : 

03A9BC00 

ReadPtr : 

03A9BC60 

WritePtrs : 

03A9BC60 

Fif o_Flag : 

89800400 

writeHeaderPtr : 

03A9BC60 

StartPtr : 

038C8800 

ReadPtr : 

038C88E0 

WritePtrs : 

038C88E0 

Fif o_Flag : 

88800200 

writeHeaderPtr : 

038C88E0 

StartPtr : 

03C30400 

ReadPtr : 

03C30638 

WritePtrs : 

03C30638 

Fif o_Flag : 

89800400 

writeHeaderPtr : 

03C30638 

StartPtr: 

03AD5000 

ReadPtr : 

03AD50A0 

WritePtrs : 

03AD50A0 

Fif o_Flag : 

89800400 

writeHeaderPtr : 

03AD50A0 

StartPtr: 

03A7A600 

ReadPtr : 

03A7A600 

WritePtrs : 

03A7A600 

Fif o_Flag : 

88800200 

writeHeaderPtr : 

03A7A600 

StartPtr : 

03BF8400 

ReadPtr : 

03BF87F0 

WritePtrs : 

03BF87F0 

Fif o_Flag : 

89800400 

<output  truncated> 


Related  Commands      Command  Description 

show  controllers  Displays  per-interface  send  and  receive  statistics  read  from  the  hardware  or 

ethernet-controller        the  interface  internal  registers. 

show  interfaces  Displays  the  administrative  and  operational  status  of  all  interfaces  or  a 

specified  interface. 
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Use  the  show  controllers  ethernet-controller  privileged  EXEC  command  without  keywords  to  display 
per-interface  send  and  receive  statistics  read  from  the  hardware.  Use  with  the  phy  keyword  to  display 
the  interface  internal  registers  or  the  port-asic  keyword  to  display  information  about  the  port  ASIC. 

show  controllers  ethernet-controller  [interface-id]  [phy  [detail]]  [port-asic  {configuration  I 
statistics}]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


interface-id 

The  physical  interface  (including  type,  module,  and  port  number). 

phy 

(Optional)  Display  the  status  of  the  internal  registers  on  the  switch  physical  layer 

device  (PHY)  for  the  device  or  the  interface.  This  display  includes  the  operational 

state  of  the  automatic  medium-dependent  interface  crossover  (auto-MDIX) 

feature  on  an  interface. 

detail 

(Optional)  Display  details  about  the  PHY  internal  registers. 

port-asic 

(Optional)  Display  information  about  the  port  ASIC  internal  registers. 

configuration 

Display  port  ASIC  internal  register  configuration. 

statistics 

Display  port  ASIC  statistics,  including  the  Rx/Sup  Queue  and  miscellaneous 

statistics. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Privileged  EXEC  (only  supported  with  the  interface-id  keywords  in  user  EXEC  mode) 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


This  display  without  keywords  provides  traffic  statistics,  basically  the  RMON  statistics  for  all  interfaces 
or  for  the  specified  interface. 

When  you  enter  the  phy  or  port-asic  keywords,  the  displayed  information  is  useful  primarily  for  Cisco 
technical  support  representatives  troubleshooting  the  switch. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 
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Examples  This  is  an  example  of  output  from  the  show  controllers  ethernet-controller  command  for  an  interface. 

Table  2-17  describes  the  Transmit  fields,  and  Table  2-18  describes  the  Receive  fields. 

Switch#  show  controllers  ethernet-controller  gigabitethernetO/1 

Transmit  GigabitEthernetO / 1  Receive 


0 

Bytes 

0 

Bytes 

0 

Unicast  frames 

0 

Unicast  frames 

0 

Multicast  frames 

0 

Multicast  frames 

0 

Broadcast  frames 

0 

Broadcast  frames 

0 

Too  old  frames 

0 

Unicast  bytes 

0 

Deferred  frames 

0 

Multicast  bytes 

0 

MTU  exceeded  frames 

0 

Broadcast  bytes 

0 

1  collision  frames 

0 

Alignment  errors 

0 

2  collision  frames 

0 

FCS  errors 

0 

3  collision  frames 

0 

Oversize  frames 

0 

4  collision  frames 

0 

Undersize  frames 

0 

5  collision  frames 

0 

Collision  fragments 

0 

6  collision  frames 

0 

7  collision  frames 

0 

Minimum  size  frames 

0 

8  collision  frames 

0 

65  to  127  byte  frames 

0 

9  collision  frames 

0 

128  to  255  byte  frames 

0 

10  collision  frames 

0 

256  to  511  byte  frames 

0 

11  collision  frames 

0 

512  to  1023  byte  frames 

0 

12  collision  frames 

0 

1024  to  1518  byte  frames 

0 

13  collision  frames 

0 

Overrun  frames 

0 

14  collision  frames 

0 

Pause  frames 

0 

15  collision  frames 

0 

Symbol  error  frames 

0 

Excessive  collisions 

0 

Late  collisions 

0 

Invalid  frames,    too  large 

0 

VLAN  discard  frames 

0 

Valid  frames,    too  large 

0 

Excess  defer  frames 

0 

Invalid  frames,    too  small 

0 

64  byte  frames 

0 

Valid  frames,    too  small 

0 

127  byte  frames 

0 

255  byte  frames 

0 

Too  old  frames 

0 

511  byte  frames 

0 

Valid  oversize  frames 

0 

1023  byte  frames 

0 

System  FCS  error  frames 

0 

1518  byte  frames 

0 

RxPortFif oFull  drop  frame 

0 

Too  large  frames 

0 

Good   (1  coll)  frames 

Table  2-17         Transmit  Field  Descriptions 


Field 

Description 

Bytes 

The  total  number  of  bytes  sent  on  an  interface. 

Unicast  Frames 

The  total  number  of  frames  sent  to  unicast  addresses. 

Multicast  frames 

The  total  number  of  frames  sent  to  multicast  addresses. 

Broadcast  frames 

The  total  number  of  frames  sent  to  broadcast  addresses. 

Too  old  frames 

The  number  of  frames  dropped  on  the  egress  port  because  the  packet  aged  out. 

Deferred  frames 

The  number  of  frames  that  are  not  sent  after  the  time  exceeds  2*maximum-packet  time. 

MTU  exceeded  frames 

The  number  of  frames  that  are  larger  than  the  maximum  allowed  frame  size. 

1  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  one  collision  occurs. 

2  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  two  collisions  occur. 

3  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  three  collisions  occur. 

4  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  four  collisions  occur. 
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Table  2-17  Transmit  Field  Descriptions  (continued) 


Field 

Description 

5  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  five  collisions  occur. 

6  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  six  collisions  occur. 

7  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  seven  collisions  occur. 

8  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  eight  collisions  occur. 

9  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  nine  collisions  occur. 

10  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  ten  collisions  occur. 

1 1  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  1 1  collisions  occur. 

12  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  12  collisions  occur. 

13  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  13  collisions  occur. 

14  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  14  collisions  occur. 

15  collision  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  15  collisions  occur. 

Excessive  collisions 

The  number  of  frames  that  could  not  be  sent  on  an  interface  after  16  collisions  occur. 

Late  collisions 

After  a  frame  is  sent,  the  number  of  frames  dropped  because  late  collisions  were  detected  while  the 
frame  was  sent. 

VLAN  discard  frames 

The  number  of  frames  dropped  on  an  interface  because  the  CFI1  bit  is  set. 

Excess  defer  frames 

The  number  of  frames  that  are  not  sent  after  the  time  exceeds  the  maximum-packet  time. 

64  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  64  bytes. 

127  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  from  65  to  127  bytes. 

255  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  from  128  to  255  bytes. 

511  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  from  256  to  51 1  bytes. 

1023  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  from  512  to  1023  bytes. 

1518  byte  frames 

The  total  number  of  frames  sent  on  an  interface  that  are  from  1024  to  1518  bytes. 

Too  large  frames 

The  number  of  frames  sent  on  an  interface  that  are  larger  than  the  maximum  allowed  frame  size. 

Good  (1  coll)  frames 

The  number  of  frames  that  are  successfully  sent  on  an  interface  after  one  collision  occurs.  This  value 
does  not  include  the  number  of  frames  that  are  not  successfully  sent  after  one  collision  occurs. 

1.    CFI  =  Canonical  Format  Indicator 


Table  2-18         Receive  Field  Descriptions 


Field 

Description 

Bytes 

The  total  amount  of  memory  (in  bytes)  used  by  frames  received  on  an  interface,  including  the 
FCS1  value  and  the  incorrectly  formed  frames.  This  value  excludes  the  frame  header  bits. 

Unicast  frames 

The  total  number  of  frames  successfully  received  on  the  interface  that  are  directed  to  unicast 
addresses. 

Multicast  frames 

The  total  number  of  frames  successfully  received  on  the  interface  that  are  directed  to  multicast 
addresses. 

Broadcast  frames 

The  total  number  of  frames  successfully  received  on  an  interface  that  are  directed  to  broadcast 
addresses. 
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Table  2-18         Receive  Field  Descriptions  (continued) 


Field 

Description 

Unicast  bytes 

The  total  amount  of  memory  (in  bytes)  used  by  unicast  frames  received  on  an  interface,  including 
the  FCS  value  and  the  incorrectly  formed  frames.  This  value  excludes  the  frame  header  bits. 

Multicast  bytes 

The  total  amount  of  memory  (in  bytes)  used  by  multicast  frames  received  on  an  interface, 
including  the  FCS  value  and  the  incorrectly  formed  frames.  This  value  excludes  the  frame  header 
bits. 

Broadcast  bytes 

The  total  amount  of  memory  (in  bytes)  used  by  broadcast  frames  received  on  an  interface, 
including  the  FCS  value  and  the  incorrectly  formed  frames.  This  value  excludes  the  frame  header 
bits. 

Alignment  errors 

The  total  number  of  frames  received  on  an  interface  that  have  alignment  errors. 

FCS  errors 

The  total  number  of  frames  received  on  an  interface  that  have  a  valid  length  (in  bytes)  but  do  not 
have  the  correct  FCS  values. 

Oversize  frames 

The  number  of  frames  received  on  an  interface  that  are  larger  than  the  maximum  allowed  frame 
size. 

Undersize  frames 

The  number  of  frames  received  on  an  interface  that  are  smaller  than  64  bytes. 

Collision  fragments 

The  number  of  collision  fragments  received  on  an  interface. 

Minimum  size  frames 

The  total  number  of  frames  that  are  the  minimum  frame  size. 

65  to  127  byte  frames 

The  total  number  of  frames  that  are  from  65  to  127  bytes. 

128  to  255  byte  frames 

The  total  number  of  frames  that  are  from  128  to  255  bytes. 

256  to  51 1  byte  frames 

The  total  number  of  frames  that  are  from  256  to  51 1  bytes. 

512  to  1023  byte  frames 

The  total  number  of  frames  that  are  from  512  to  1023  bytes. 

1U24  to  ijio  Byte  trames 

The  total  number  of  frames  that  are  from  1024  to  1518  bytes. 

Overrun  frames 

The  total  number  of  overrun  frames  received  on  an  interface. 

Pause  frames 

The  number  of  pause  frames  received  on  an  interface. 

Symbol  error  frames 

The  number  of  frames  received  on  an  interface  that  have  symbol  errors. 

Invalid  frames,  too  large 

The  number  of  frames  received  that  were  larger  than  maximum  allowed  MTU2  size  (including 
the  FCS  bits  and  excluding  the  frame  header)  and  that  have  either  an  FCS  error  or  an  alignment 
error. 

Valid  frames,  too  large 

The  number  of  frames  received  on  an  interface  that  are  larger  than  the  maximum  allowed  frame 
size. 

Invalid  frames,  too  small 

The  number  of  frames  received  that  are  smaller  than  64  bytes  (including  the  FCS  bits  and 
excluding  the  frame  header)  and  that  have  either  an  FCS  error  or  an  alignment  error. 

Valid  frames,  too  small 

The  number  of  frames  received  on  an  interface  that  are  smaller  than  64  bytes  (or  68  bytes  for 
VLAN-tagged  frames)  and  that  have  valid  FCS  values.  The  frame  size  includes  the  FCS  bits  but 
excludes  the  frame  header  bits. 

Too  old  frames 

The  number  of  frames  dropped  on  the  ingress  port  because  the  packet  aged  out. 

Valid  oversize  frames 

The  number  of  frames  received  on  an  interface  that  are  larger  than  the  maximum  allowed  frame 
size  and  have  valid  FCS  values.  The  frame  size  includes  the  FCS  value  but  does  not  include  the 
VLAN  tag. 
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Table  2-18 


Receive  Field  Descriptions  (continued) 


Field 

Description 

System  FCS  error  frames 

The  total  number  of  frames  received  on  an  interface  that  have  a  valid  length  (in  bytes)  but  that 
do  not  have  the  correct  FCS  values. 

RxPortFifoFull  drop 
frames 

The  total  number  of  frames  received  on  an  interface  that  are  dropped  because  the  ingress  queue 
is  full. 

1.    FCS  =  frame  check  sequence 

2.    MTU  =  maximum  transmission  unit 


This  is  an  example  of  output  from  the  show  controllers  ethernet-controller  phy  command  for  a  specific 
interface: 


Switch#  show  controllers  ethernet- 

Control  Register 
Control  STATUS 
Phy  ID  1 
Phy  ID  2 

Auto-Negotiation  Advertisement 

Auto-Negotiation  Link  Partner 

Auto-Negotiation  Expansion  Reg 

Next  Page  Transmit  Register 

Link  Partner  Next  page  Registe 

1000BASE-T  Control  Register 

1000BASE-T  Status  Register 

Extended  Status  Register 

PHY  Specific  Control  Register 

PHY  Specific  Status  Register 

Interrupt  Enable 

Interrupt  Status 

Extended  PHY  Specific  Control 

Receive  Error  Counter 

Reserved  Register  1 

Global  Status 

LED  Control 

Manual  LED  Override 

Extended  PHY  Specific  Control 

Disable  Receiver  1 

Disable  Receiver  2 

Extended  PHY  Specific  Status 

Auto-MDIX 


controller  gigabitethernetO/2  phy 

:  0001  0001  0100  0000 
0111  1001  0100  1001 
0000  0001  0100  0001 
0000  1100  0010  0100 
0000  0011  1110  0001 
0000   0000   0000  0000 


0000 
0010 
0000 
0000 
0100 
0011 


0000 
0000 
0000 

1111 

0000 
0000 


0000  0000 
1000  0001 


0000 
0000 
0000 
0000 
0000 
0000 
0111 
0100 


0100 
0001 
0000 
0000 
0000 
0000 
1000 
0000 


0000  0000  0000  0000 
0000   0000   0100  0000 


0000 
0000 
0000 
0000 


1100 
0000 
0000 
0000 


0110 
0000 
0000 
0000 


1000 
0000 
0000 
0000 


0100  0001 
0000 


0000  0000 
0000  0000 


1000  0010 
0001 


0000  0000 
1010 
1010 


1000 
1000 
On 


0000 
0100 


0000 
0000 
1000 


1011 
0100 
0000 


[AdminState=l  Flags=0x00052248] 


This  is  an  example  of  output  from  the  show  controllers  ethernet-controller  port-asic  configuration 

command: 

Switch#  show  controllers  ethernet-controller  port-asic  configuration 

Switch  1,   PortASIC  0  Registers 


DeviceType 
Reset 

PmadMicConf ig 
PmadMicDiag 

SupervisorReceiveFif oSramlnf o 

SupervisorTransmitFif oSramlnf o 

GlobalStatus 

Indications tatus 

IndicationStatusMask 

Interrupt Status 

Inter ruptStatusMask 


000101BC 
00000000 
00000001 
00000003 

000007D0   000007D0  40000000 

000001D0   000001D0  40000000 

00000800 

00000000 

FFFFFFFF 

00000000 

01FFE800 
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SupervisorDiag 
SupervisorFrameS  i  z  eLimi  t 
SupervisorBroadcast 
GenerallO 
StackPcsInf o 

StackRacInf o 

StackControl Status 
stackControlStatusMask 
TransmitBuf f erFreeListlnf o 

TransmitRingFif olnf o 

TransmitBuf fer Info 
TransmitBuf f erCommonCount 
TransmitBuf ferCommonCount Peak 
TransmitBuf f erCommonCommonEmpty 
NetworkActivity 
DroppedStatistics 
FrameLengthDeltaSelect 
SneakPortFif olnf o 
Maclnf o 


00000000 
000007C8 
000A0F01 
000003F9 
FFFF1000 
FF0FFF00 
73001630 
24140003 
18E418E0 
FFFFFFFF 
00000854 
0000088A 
00000016 
0000000C 
00012000 
00000F7A 
0000001E 
000000FF 
00000000 
00000000 
00000001 
00000000 
0EC0801C 
00C0001D 


00000000  00000004 
860329BD  5555FFFF  FFFFFFFF 
86020000  5555FFFF  00000000 
00000003   7F001644  00000003 
FD632B00   18E418E0  FFFFFFFF 


00000800  00000FF8  00000000 

0000085D  00000FF8  00000000 

00000016  40000000  00000000 

0000000C  40000000  00000000 

00000FFF  00000000  00000030 


00000000   00000000  02400000 


00000001  0EC0801B  00000001 
00000001  00C0001E  00000001 


<output  truncated> 


This  is  an  example  of  output  from  the  show  controllers  ethernet-controller  port-asic  statistics 

command: 

Switch#  show  controllers  ethernet-controller  port-asic  statistics 


Switch  1,   PortASIC  0  Statistics 


0 

RxQ- 

0, 

wt 

-0 

enqueue 

frames 

0 

RxQ- 

0, 

wt- 

0 

drop 

frames 

118966 

RxQ- 

0, 

wt 

-1 

enqueue 

frames 

0 

RxQ- 

0, 

wt- 

1 

drop 

frames 

0 

RxQ- 

0, 

wt 

-2 

enqueue 

frames 

0 

RxQ- 

0, 

wt- 

2 

drop 

frames 

0 

RxQ- 

1, 

wt 

-0 

enqueue 

frames 

0 

RxQ- 

1, 

wt- 

0 

drop 

frames 

296 

RxQ- 

1, 

wt 

-1 

enqueue 

frames 

0 

RxQ- 

1, 

wt- 

1 

drop 

frames 

836036 

RxQ- 

1, 

wt 

-2 

enqueue 

frames 

0 

RxQ- 

1, 

wt- 

2 

drop 

frames 

0 

RxQ- 

2, 

wt 

-0 

enqueue 

frames 

0 

RxQ- 

2, 

wt- 

0 

drop 

frames 

0 

RxQ- 

2, 

wt 

-1 

enqueue 

frames 

0 

RxQ- 

2, 

wt- 

1 

drop 

frames 

158377 

RxQ- 

2, 

wt 

-2 

enqueue 

frames 

0 

RxQ- 

2, 

wt- 

2 

drop 

frames 

0 

RxQ- 

3, 

wt- 

-0 

enqueue 

frames 

0 

RxQ- 

-3, 

wt- 

0 

drop 

frames 

0 

RxQ- 

3, 

wt- 

-1 

enqueue 

frames 

0 

RxQ- 

-3, 

wt- 

1 

drop 

frames 

0 

RxQ- 

3, 

wt- 

-2 

enqueue 

frames 

0 

RxQ- 

-3, 

wt- 

2 

drop 

frames 

15  TxBufferFull  Drop  Count 

0  TxBuf f erFrameDesc  BadCrcl6 

0  TxBuffer  Bandwidth  Drop  Cou 

0  TxQueue  Bandwidth  Drop  Coun 

0  TxQueue  Missed  Drop  Statist 

74  RxBuffer  Drop  Destlndex  Cou 

0  SneakQueue  Drop  Count 

0  Learning  Queue  Overflow  Fra 

0  Learning  Cam  Skip  Count 


0  Rx  Fes  Error  Frames 

0  Rx  Invalid  Oversize  Frames 

0  Rx  Invalid  Too  Large  Frames 

0  Rx  Invalid  Too  Large  Frames 

0  Rx  Invalid  Too  Small  Frames 

0  Rx  Too  Old  Frames 

0  Tx  Too  Old  Frames 

0  System  Fes  Error  Frames 


15  Sup  Queue  0  Drop  Frames 
0  Sup  Queue  1  Drop  Frames 
0  Sup  Queue  2  Drop  Frames 


0  Sup  Queue  8  Drop  Frames 
0  Sup  Queue  9  Drop  Frames 
0  Sup  Queue  10  Drop  Frames 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  BladeSystem  Command  Reference  Guide  j 


2-311 


M     show  controllers  ethernet-controller 


Chapter  2   CGESM  Switch  Cisco  IPS  Commands  | 


0  Sup  Queue  3  Drop  Frames 

0  Sup  Queue  4  Drop  Frames 

0  Sup  Queue  5  Drop  Frames 

0  Sup  Queue  6  Drop  Frames 

0  Sup  Queue  7  Drop  Frames 


0  Sup  Queue  11  Drop  Frames 

0  Sup  Queue  12  Drop  Frames 

0  Sup  Queue  13  Drop  Frames 

0  Sup  Queue  14  Drop  Frames 

0  Sup  Queue  15  Drop  Frames 


Switch  1,   PortASIC  1  Statistics 


0  RxQ-0,  wt-0  enqueue  frames 
52  RxQ-0,  wt-1  enqueue  frames 
0  RxQ-0,  wt-2  enqueue  frames 


0  RxQ-0,  wt-0  drop  frames 
0  RxQ-0,  wt-1  drop  frames 
0  RxQ-0,   wt-2  drop  frames 


<output  truncated> 


Related  Commands      Command  Description 

show  controllers  Displays  the  state  of  the  CPU  network  ASIC  and  send  and  receive 

cpu-interface  statistics  for  packets  reaching  the  CPU. 

show  controllers  team       Displays  the  state  of  registers  for  all  ternary  content  addressable  memory 

(TCAM)  in  the  system  and  for  TCAM  interface  ASICs  that  are  CAM 
controllers. 
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show  controllers  team  H 


show  controllers  team 

Use  the  show  controllers  team  privileged  EXEC  command  to  display  the  state  of  the  registers  for  all 
ternary  content  addressable  memory  (TCAM)  in  the  system  and  for  all  TCAM  interface  ASICs  that  are 
CAM  controllers. 

show  controllers  team  [asic  [number]]  [detail]  [  I  {begin  I  exclude  I  include]  expression] 


Syntax  Description      asic  (Optional)  Display  port  ASIC  TCAM  information. 


number 

(Optional)  Display  information  for  the  specified  port  ASIC  number.  The  range  is 

from  0  to  15. 

detail 

(Optional)  Display  detailed  TCAM  register  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        This  display  provides  information  that  might  be  useful  for  Cisco  technical  support  representatives 
troubleshooting  the  switch. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  controllers  team  command: 

Switch*  show  controllers  team 


TCAM-0  Registers 


REV: 

00B30103 

SIZE : 

00080040 

ID: 

00000000 

CCR: 

00000000. 

.F0000020 

RPIDO : 

00000000. 

.00000000 

RPID1 : 

00000000. 

.00000000 

RPID2 : 

00000000. 

.00000000 

RPID3 : 

00000000. 

.00000000 

HRRO  : 

00000000. 

.E000CAFC 

HRR1 : 

00000000. 

.00000000 

HRR2  : 

00000000. 

00000000 
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HRR3 
HRR4 
HRR5 
HRR6 
HRR7 


00000000_00000000 
00000000_00000000 
00000000_00000000 
00000000_00000000 
00000000  00000000 


<output  truncated> 


GMR31 
GMR32 
GMR33 


FF_FFFFFFFF_FFFFFFFF 
FF_FFFFFFFF_FFFFFFFF 
FF  FFFFFFFF  FFFFFFFF 


TCAM  related  PortASIC  1  registers 


LookupType:  89A1C67D_24E35F00 

LastCamlndex:  0000FFE0 

LocalNoMatch:  000069E0 
ForwardingRamBaseAddress : 


00022A00  0002FE00  00040600  0002FE00  0000D400 
00000000  003FBA00  00009000  00009000  00040600 
00000000  00012800  00012900 


Related  Commands      Command  Description 

show  controllers  Displays  the  state  of  the  CPU  network  ASIC  and  send  and  receive  statistics 

cpu-interface  for  packets  reaching  the  CPU. 

show  controllers  Displays  per-interface  send  and  receive  statistics  read  from  the  hardware  or 

ethernet-controller  the  interface  internal  registers. 
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show  controllers  utilization  H 


show  controllers  utilization 


Use  the  show  controllers  utilization  user  EXEC  command  to  display  bandwidth  utilization  on 
the  switch  or  specific  ports. 

show  controllers  [interface-id]  utilization  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

interface-id 

(Optional)  ID  of  the  switch  interface. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  specified  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  specified  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  controllers  utilization  command. 

Switch>  show  controllers  utilization 

Port  Receive  Utilization     Transmit  Utilization 

GiO/1  0  0 

GiO/2  0  0 

<output  truncated> 

Switch  Receive  Bandwidth  Percentage  Utilization  :  0 
Switch  Transmit  Bandwidth  Percentage  Utilization   :  0 

Switch  Fabric  Percentage  Utilization   :  0 

This  is  an  example  of  output  from  the  show  controllers  utilization  command  on  a  specific  port: 

Switch>  show  controllers  gigabitethernetO/1  utilization 

Receive  Bandwidth  Percentage  Utilization  :  0 
Transmit  Bandwidth  Percentage  Utilization     :  0 
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Table  2-19        show  controllers  utilization  Field  Descriptions 


Field 

Description 

Receive  Bandwidth  Percentage 
Utilization 

Displays  the  received  bandwidth  usage  of  the  switch,  which  is  the 
sum  of  the  received  traffic  on  all  the  ports  divided  by  the  switch 
receive  capacity. 

Transmit  Bandwidth 
Percentage  Utilization 

Displays  the  transmitted  bandwidth  usage  of  the  switch,  which  is  the 
sum  of  the  transmitted  traffic  on  all  the  ports  divided  it  by  the  switch 
transmit  capacity. 

Fabric  Percentage  Utilization 

Displays  the  average  of  the  transmitted  and  received  bandwidth  usage 
of  the  switch. 

Related  Commands      Command  Description 

show  controllers  Displays  the  interface  internal  registers, 

ethernet-controller 
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show  dotlx  SM 


show  dotlx 


Use  the  show  dotlx  user  EXEC  command  to  display  IEEE  802.  lx  statistics,  administrative  status,  and 
operational  status  for  the  switch  or  for  the  specified  port. 

show  dotlx  [{all  [summary]  I  interface  interface-id}  [details  I  statistics]]  [  I  {begin  I  exclude  I 

include]  expression] 


Syntax  Description 

all  [summary] 

(Optional)  Display  the  IEEE  802.  lx  status  for  all  ports. 

interface  interface-id 

(Optional)  Display  the  IEEE  802.  lx  status  for  the  specified  port  (including 
type,  module,  and  port  number). 

details 

(Optional)  Display  the  IEEE  802.  lx  interface  details. 

statistics 

(Optional)  Display  IEEE  802.  lx  statistics  for  the  specified  port. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  display  was  expanded  to  include  auth-fail-vlan  in  the  authorization 
state  machine  state  and  port  status  fields. 

12.2(25)SEE 

The  command  syntax  was  changed,  and  the  command  output  was  modified. 

Usage  Guidelines 


If  you  do  not  specify  a  port,  global  parameters  and  a  summary  appear.  If  you  specify  a  port,  details  for 
that  port  appear. 

If  the  port  control  is  configured  as  unidirectional  or  bidirectional  control  and  this  setting  conflicts  with 
the  switch  configuration,  the  show  dotlx  {all  I  interface  interface-id)  privileged  EXEC  command 
output  has  this  information: 


ControlDirection 


=  In  (Inactive) 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  dotlx  user  EXEC  command: 

Switch>  show  dotlx 

Sysauthcontrol  Enabled 

Dotlx  Protocol  Version  2 

Critical  Recovery  Delay  100 

Critical  EAPOL  Disabled 
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This  is  an  example  of  output  from  the  show  dotlx  all  user  EXEC  command: 

Switch>  show  dotlx  all 

Sysauthcontrol  Enabled 

Dotlx  Protocol  Version  2 

Critical  Recovery  Delay  100 

Critical  EAPOL  Disabled 

Dotlx  Info  for  GigabitEthernetO / 1 


PAE 

PortControl 

ControlDirection 

HostMode 

ReAuthentication 

QuietPeriod 

ServerTimeout 

SuppTimeout 

ReAuthPeriod 

ReAuthMax 

MaxReq 

TxPeriod 

RateLimit Period 


AUTHENTICATOR 

AUTO 

Both 

SINGLE_HOST 

Disabled 

60 

30 

30 

3600 
2 
2 

30 
0 


(Locally  configured) 


<output  truncated> 

This  is  an  example  of  output  from  the  show  dotlx  all  summary  user  EXEC  command: 

Interface  PAE  Client  Status 


Gi0/1 
GiO/2 
GiO/3 


AUTH  none 

AUTH         OOaO . c9b8 . 0072 

AUTH  none 


UNAUTHORIZED 

AUTHORIZED 

UNAUTHORIZED 


This  is  an  example  of  output  from  the  show  dotlx  interface  interface-id  user  EXEC  command: 

Switch>  show  dotlx  interface  gigabitethernetO/2 

Dotlx  Info  for  GigabitEthernetO/2 


PAE 

PortControl 

ControlDirection 

HostMode 

ReAuthentication 

QuietPeriod 

ServerTimeout 

SuppTimeout 

ReAuthPeriod 

ReAuthMax 

MaxReq 

TxPeriod 

RateLimit Period 


AUTHENTICATOR 

AUTO 

In 

SINGLE_HOST 

Disabled 

60 

30 

30 

3600 
2 
2 

30 
0 


(Locally  configured) 


This  is  an  example  of  output  from  the  show  dotlx  interface  interface-id  details  user  EXEC  command: 

Switch#  show  dotlx  interface  gigabitethernetO/2  details 

Dotlx  Info  for  GigabitEthernetO/2 


PAE 

PortControl 

ControlDirection 

HostMode 

ReAuthentication 
QuietPeriod 


=  AUTHENTICATOR 

=  AUTO 

=  Both 

=  SINGLE_HOST 

=  Disabled 

=  60 
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show  dotlx  H 


ServerTimeout  =  3  0 

SuppTimeout  =  3  0 

ReAuthPeriod  =  3600    (Locally  configured) 

ReAuthMax  =  2 

MaxReq  =  2 

TxPeriod  =30 

RateLimitPeriod  =  0 


Dotlx  Authenticator  Client  List  Empty 


This  is  an  example  of  output  from  the  show  dotlx  interface  interface-id  details  commmand  when  a  port 
is  assigned  to  a  guest  VLAN  and  the  host  mode  changes  to  multiple-hosts  mode: 

Switch*  show  dotlx  interface  gigabitethernetO/1  details 

Dotlx  Info  for  GigabitEthernetO / 1 


PAE 

PortControl 

ControlDirection 

HostMode 

ReAuthentication 

QuietPeriod 

ServerTimeout 

SuppTimeout 

ReAuthPeriod 

ReAuthMax 

MaxReq 

TxPeriod 

RateLimitPeriod 

Guest-Vlan 


AUTHENTICATOR 

AUTO 

Both 

SINGLE_HOST 

Enabled 

60 

30 

30 

3600 
2 
2 

30 
0 

182 


(Locally  configured) 


Dotlx  Authenticator  Client  List  Empty 


Port  Status  =  AUTHORIZED 

Authorized  By  =  Guest-Vlan 

Operational  HostMode  =  MULTI_HOST 

Vlan  Policy  =  182 


This  is  an  example  of  output  from  the  show  dotlx  interface  interface-id  statistics  command.  Table  2-20 
describes  the  fields  in  the  display. 

Switch>  show  dotlx  interface  gigabitethernetO/2  statistics 

Dotlx  Authenticator  Port  Statistics  for  GigabitEthernet0/2 


RxStart  =  0  RxLogoff  =  0         RxResp  =  1  RxRespID  =  1 

Rxlnvalid  =  0       RxLenErr  =  0         RxTotal  =  2 


TxReq  =  2  TxReqID  =  132       TxTotal  =  134 

RxVersion  =  2       LastRxSrcMAC  =  OOaO . c9b8 . 0072 


Table  2-20        show  dotlx  statistics  Field  Descriptions 


Field 

Description 

RxStart 

Number  of  valid  EAPOL-start  frames  that  have  been  received. 

RxLogoff 

Number  of  EAPOL-logoff  frames  that  have  been  received. 

RxResp 

Number  of  valid  EAP-response  frames  (other  than  response/identity  frames)  that 
have  been  received. 

RxRespID 

Number  of  EAP-response/identity  frames  that  have  been  received. 
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Table  2-20         show  dotlx  statistics  Field  Descriptions  (continued) 


Field 

Description 

Rxlnvalid 

Number  of  EAPOL  frames  that  have  been  received  and  have  an  unrecognized 
frame  type. 

RxLenError 

Number  of  EAPOL  frames  that  have  been  received  in  which  the  packet  body 
length  field  is  invalid. 

RxTotal 

Number  of  valid  EAPOL  frames  of  any  type  that  have  been  received. 

TxReq 

Number  of  EAP-request  frames  (other  than  request/identity  frames)  that  have 
been  sent. 

TxReqld 

Number  of  Extensible  Authentication  Protocol  (EAP)-request/identity  frames 
that  have  been  sent. 

TxTotal 

Number  of  Extensible  Authentication  Protocol  over  LAN  (EAPOL)  frames  of  any 
type  that  have  been  sent. 

Rx  Version 

Number  of  received  packets  in  the  IEEE  802.  lx  Version  1  format. 

LastRxSrcMac 

Source  MAC  address  carried  in  the  most  recently  received  EAPOL  frame. 

Related  Commands      Command  Description 

dotlx  default  Resets  the  IEEE  802.  lx  parameters  to  their  default  values. 
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show  dtp  I 


show  dtp 

Use  the  show  dtp  privileged  EXEC  command  to  display  Dynamic  Trunking  Protocol  (DTP)  information 
for  the  switch  or  for  a  specified  interface. 

show  dtp  [interface  interface-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description      interface        (Optional)  Display  port  security  settings  for  the  specified  interface.  Valid  interfaces 
interface-id     include  physical  ports  (including  type,  module,  and  port  number). 


1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples  This  is  an  example  of  output  from  the  show  dtp  command: 

Switch#  show  dtp 
Global  DTP  information 

Sending  DTP  Hello  packets  every  30  seconds 

Dynamic  Trunk  timeout  is  300  seconds 

21  interfaces  using  DTP 

This  is  an  example  of  output  from  the  show  dtp  interface  command: 

Switch#  show  dtp  interface  gigabitethernetO/1 

DTP  information  for  GigabitEthernetO/1 : 

TOS/TAS/TNS:  ACCESS/AUTO/ACCESS 

TOT/TAT/TNT :  NATIVE /NEGOTIATE /NATIVE 

Neighbor  address  1:  000943A7D081 

Neighbor  address  2:  000000000000 

Hello  timer  expiration   (sec/state) :  1 /RUNNING 

Access  timer  expiration  (sec/state) :  never/STOPPED 
Negotiation  timer  expiration   (sec/state) :  never/STOPPED 

Multidrop  timer  expiration   (sec/state) :  never/STOPPED 

FSM  state:  S2 : ACCESS 

#  times  multi  &  trunk  0 

Enabled:  yes 

In  STP:  no 
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Statistics 


3160  packets  received  (3160  good) 
0  packets  dropped 

0  nonegotiate,  0  bad  version,  0  domain  mismatches,  0  bad  TLVs,  0  other 
6320  packets  output   (6320  good) 

3160  native,   3160  software  encap  isl,    0  isl  hardware  native 
0  output  errors 

0  trunk  timeouts 

1  link  ups,    last  link  up  on  Mon  Mar  01  1993,  01:02:29 
0  link  downs 


Related  Commands 


Command 


Description 


show  interfaces  trunk 


Displays  interface  trunking  information. 
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show  eap 

Use  the  show  eap  privileged  EXEC  command  to  display  Extensible  Authentication  Protocol  (EAP) 
registration  and  session  information  for  the  switch  or  for  the  specified  port. 

show  eap  {{registrations  [method  [name]  I  transport  [name]]}  I  {sessions  [credentials  name 
[interface  interface-id]  I  interface  interface-id  I  method  name  I  transport  name]]] 
[credentials  name  I  interface  interface-id  I  transport  name]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description      registrations  Display  EAP  registration  information. 


method  name 

(Optional)  Display  EAP  method  registration  information. 

transport  name 

(Optional)  Display  EAP  transport  registration  information. 

sessions 

Display  EAP  session  information. 

credentials  name 

(Optional)  Display  EAP  method  registration  information. 

interface  interface-id 

(Optional)  Display  the  EAP  information  for  the  specified  port  (including 

type,  module,  and  port  number). 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SEE  This  command  was  introduced. 


Usage  Guidelines       When  you  use  the  show  eap  registrations  privileged  EXEC  command  with  these  keywords,  the 
command  output  shows  this  information: 

•  None — All  the  lower  levels  used  by  EAP  and  the  registered  EAP  methods. 

•  method  name  keyword — The  specified  method  registrations. 

•  transport  name  keyword — The  specific  lower-level  registrations. 

When  you  use  the  show  eap  sessions  privileged  EXEC  command  with  these  keywords,  the  command 
output  shows  this  information: 

•  None — All  active  EAP  sessions. 

•  credentials  name  keyword — The  specified  credentials  profile. 

•  interface  interface-id  keyword — The  parameters  for  the  specified  interface. 

•  method  name  keyword — The  specified  EAP  method. 

•  transport  name  keyword — The  specified  lower  layer. 
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Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  eap  registrations  privileged  EXEC  command: 


Switch>  show  eap  registrations 

Registered  EAP  Methods: 

Method     Type  Name 
4  Peer  MD5 

Registered  EAP  Lower  Layers : 
Handle     Type  Name 

2  Authenticator  Dotlx-Authenticator 

1  Authenticator  MAB 

This  is  an  example  of  output  from  the  show  eap  registrations  transport  privileged  user  EXEC 
command: 

Switch>  show  eap  registrations  transport  all 

Registered  EAP  Lower  Layers: 
Handle     Type  Name 

2  Authenticator  Dotlx-Authenticator 
1          Authenticator  MAB 


This  is  an  example  of  output  from  the  show  eap  sessions  privileged  EXEC  command: 


Switch>  show  eap  sessions 

Role: 

Lower  layer: 
Current  method: 
Retransmission  count: 


Authenticator  Decision: 
Dotlx-Authenticalnterf ace : 
None  Method  state: 

0      (max:    2)  Timer: 


Reqld  Retransmit 
EAP  handle : 

Lower  layer  context  ID 
Method  context  ID: 
Start  timeout   (s) : 
Current  ID: 


(timeout:   30s,   remaining:  2s) 

0x5200000A  Credentials  profile: 

0x93000004  Eap  profile  name: 

0x00000000  Peer  Identity: 

1  Retransmit  timeout  (s): 

2  Available  local  methods: 


Fail 
Gi0/1 

Uninitialised 
Authenticator 

None 
None 
None 
30  (30) 
None 


Role: 

Lower  layer: 
Current  method: 
Retransmission  count: 
Reqld  Retransmit  (timeout 
EAP  handle : 

Lower  layer  context  ID: 
Method  context  ID: 
Start  timeout   (s) : 
Current  ID: 


Authenticator  Decision: 
Dotlx-Authenticalnterf ace : 
None  Method  state: 

0  (max:    2)  Timer: 
30s,   remaining:  2s) 

0xA800000B  Credentials  profile: 

0x0D000005  Eap  profile  name: 

0x00000000  Peer  Identity: 

1  Retransmit  timeout  (s): 

2  Available  local  methods: 


Fail 

Gi0/2 

Uninitialised 
Authenticator 

None 
None 
None 
30  (30) 
None 


<Output  truncated> 

This  is  an  example  of  output  from  the  show  eap  sessions  interface  interface-id  privileged  EXEC 
command: 


Switch#  show  eap  sessions  gigabitethernetO/1 

Role:  Authenticator  Decision: 

Lower  layer:  Dotlx-Authenticalnterf ace : 

Current  method:  None  Method  state: 

Retransmission  count:         1     (max:   2)  Timer: 

Reqld  Retransmit   (timeout:   30s,   remaining:  13s) 

EAP  handle:  0x5200000A  Credentials  profile: 

Lower  layer  context  ID:     0x93000004  Eap  profile  name: 


Fail 
Gi0/1 

Uninitialised 
Authenticator 

None 
None 
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show  eap 


Method  context  ID: 
Start  timeout  (s) : 
Current  ID: 


0x00000000  Peer  Identity:  None 

1  Retransmit  timeout    (s):     3  0  (30) 

2  Available  local  methods:  None 


Related  Commands  Command 


clear  eap  sessions 


Description 


Clears  EAP  session  information  for  the  switch  or  for  the  specified  port. 
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show  env 


Use  the  show  env  user  EXEC  command  to  display  fan  and  temperature  information  for  the  switch, 
show  env  {all  I  fan  I  temperature)  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

all 

Display  both  fan  and  temperature  environmental  status. 

fan 

Display  the  switch  fan  (1)  and  fan  (2)  status. 

temperature 

Display  the  switch  temperature  status. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Note 

Though  visible  in  the  command-line  help  strings,  the  power,  and  rps  keywords  are  not  supported. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  from  the  show  env  all  command: 


Switch#sh  env  all 
Located  in  Switch  Slot: 


B 


Temperature  Value: 
Temperature  State: 
Yellow  Threshold 
Red  Threshold 
Fan  1:  OK 
Fan  2 :  OK 

Fiber  Channel  Module:  Not  Plugged-in 


26  Degree  Celsius 
GREEN 

68  Degree  Celsius 
75  Degree  Celsius 
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show  env  M 


This  is  an  example  of  output  from  the  show  env  fan  command: 

Switch>  show  env  fan 
Fan  1:  OK 
Fan  2 :  OK 

This  is  an  example  of  output  from  the  show  env  temperature  status  command: 

Switch#sh  env  temp  status 
Temperature  Value:   31  Degree  Celsius 
Temperature  State :  GREEN 
Yellow  Threshold  :   68  Degree  Celsius 
Red  Threshold         :   75  Degree  Celsius 
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show  errdisable  detect 

Use  the  show  errdisable  detect  user  EXEC  command  to  display  error-disabled  detection  status, 
show  errdisable  detect  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description       I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 


1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(37)SE 

A  mode  column  was  added  to  the  show  errdisable  detect  output. 

Usage  Guidelines        A  displayed  gbic-invalid  error  reason  refers  to  an  invalid  small  form-factor  pluggable  (SFP)  module. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 

The  error-disable  reasons  in  the  command  ouput  are  listed  in  alphabetical  order.  The  mode  column  shows 
how  error  disable  is  configured  for  each  feature. 

You  can  configure  error-disabled  detection  in  these  modes: 

•  port  mode — The  entire  physical  port  is  error  disabled  if  a  violation  occurs. 

•  vlan  mode — The  VLAN  is  error  disabled  if  a  violation  occurs. 

•  port/vlan  mode — The  entire  physical  port  is  error  disabled  on  some  ports  and  per- VLAN  error 
disabled  on  other  ports. 


Examples  This  is  an  example  of  output  from  the  show  errdisable  detect  command: 

Switch>  show  errdisable  detect 


ErrDisable  Reason 

Detection 

Mode 

arp- inspect ion 

Enabled 

port 

bpduguard 

Enabled 

vlan 

channel -mi sconfig 

Enabled 

port 

communi ty- 1 imi t 

Enabled 

port 

dhcp- rate- limit 

Enabled 

port 

dtp-flap 

Enabled 

port 

gbic-invalid 

Enabled 

port 

inline-power 

Enabled 

port 

invalid-policy 

Enabled 

port 

12ptguard 

Enabled 

port 

link-flap 

Enabled 

port 
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show  errdisable  detect  B 


loopback 

Enabled 

port 

lsgroup 

Enabled 

port 

pagp-f lap 

Enabled 

port 

psecure- violation 

Enabled 

port/vlan 

security-violatio 

Enabled 

port 

sf p-conf ig-mismat 

Enabled 

port 

storm- control 

Enabled 

port 

udld 

Enabled 

port 

vmps 

Enabled 

port 

Related  Commands      Command  Description 


errdisable  detect  cause 

Enables  error-disabled  detection  for  a  specific  cause  or  all  causes. 

show  errdisable  flap-values 

Displays  error  condition  recognition  information. 

show  errdisable  recovery 

Displays  error-disabled  recovery  timer  information. 

show  interfaces  status 

Displays  interface  status  or  a  list  of  interfaces  in  error-disabled  state. 
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show  errdisable  flap-values 


Syntax  Description 


Use  the  show  errdisable  flap-values  user  EXEC  command  to  display  conditions  that  cause  an  error  to 
be  recognized  for  a  cause. 

show  errdisable  flap-values  [  I  {begin  I  exclude  I  include}  expression] 


I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 

I  exclude        (Optional)  Display  excludes  lines  that  match  the  expression. 

I  include         (Optional)  Display  includes  lines  that  match  the  specified  expression. 


expression       Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


User  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  Flaps  column  in  the  display  shows  how  many  changes  to  the  state  within  the  specified  time  interval 
will  cause  an  error  to  be  detected  and  a  port  to  be  disabled.  For  example,  the  display  shows  that  an  error 
will  be  assumed  and  the  port  shut  down  if  three  Dynamic  Trunking  Protocol  (DTP)-state  (port  mode 
access/trunk)  or  Port  Aggregation  Protocol  (PAgP)  flap  changes  occur  during  a  30-second  interval,  or  if 
5  link-state  (link  up/down)  changes  occur  during  a  10-second  interval. 


ErrDisable  Reason 


Flaps 


Time  (sec) 


pagp-f lap 

dtp-flap 

link-flap 


30 
30 
10 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  from  the  show  errdisable  flap- values  command: 


Switch>  show  errdisable  flap-values 

ErrDisable  Reason        Flaps        Time  (sec) 


pagp-f lap 
dtp-flap 
link- flap 


30 
30 
10 
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show  errdisable  flap-values  N 


Related  Commands      Command  Description 


errdisable  detect  cause 

Enables  error-disabled  detection  for  a  specific  cause  or  all  causes. 

show  errdisable  detect 

Displays  error-disabled  detection  status. 

show  errdisable  recovery 

Displays  error-disabled  recovery  timer  information. 

show  interfaces  status 

Displays  interface  status  or  a  list  of  interfaces  in  error-disabled  state. 
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show  errdisable  recovery 


Syntax  Description 


Use  the  show  errdisable  recovery  user  EXEC  command  to  display  the  error-disabled  recovery  timer 
information. 

show  errdisable  recovery  [  I  {begin  I  exclude  I  include}  expression] 


I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 

I  exclude        (Optional)  Display  excludes  lines  that  match  the  expression. 


I  include 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


expression       Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


User  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


A  gbic-invalid  error-disable  reason  refers  to  an  invalid  small  form-factor  pluggable  (SFP)  module 
interface. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  from  the  show  errdisable  recovery  command: 

Switch>  show  errdisable  recovery 


ErrDisable  Reason 

Timer  Status 

udld 

Disabled 

bpduguard 

Disabled 

security-violatio 

Disabled 

channel -mi sconfig 

Disabled 

vmps 

Disabled 

pagp-f lap 

Disabled 

dtp-flap 

Disabled 

link-flap 

Enabled 

psecure- violation 

Disabled 

gbic-invalid 

Disabled 

dhcp- rate- limit 

Disabled 

unicast- flood 

Disabled 

storm- control 

Disabled 

loopback 

Disabled 

Timer  interval: 3  00 

seconds 
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show  errdisable  recovery  B 


Interfaces  that  will  be  enabled  at  the  next  timeout: 
Interface        Errdisable  reason        Time  left (sec) 
GiO/2  link-flap  279 


Note 

Though  visible  in  the  output,  the  unicast-flood  field  is  not  valid. 

Related  Commands 

Command  Description 

errdisable  recovery               Configures  the  recover  mechanism  variables. 

show  errdisable  detect          Displays  error-disabled  detection  status. 

show  errdisable  flap-values    Displays  error  condition  recognition  information. 

show  interfaces  status           Displays  interface  status  or  a  list  of  interfaces  in  error-disabled  state. 
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show  etherchannel 

Use  the  show  etherchannel  user  EXEC  command  to  display  EtherChannel  information  for  a  channel. 

show  etherchannel  [channel-group-number  {detail  I  port  I  port-channel  I  protocol  I  summary}] 
{detail  I  load-balance  I  port  I  port-channel  I  protocol  I  summary}  [  I  {begin  I  exclude  I 
include}  expression] 


Syntax  Description 


channel- group-number 

(Optional)  Number  of  the  channel  group.  The  range  is  1  to  48. 

detail 

Display  detailed  EtherChannel  information. 

load-balance 

Display  the  load-balance  or  frame-distribution  scheme  among  ports  in  the 

port  channel. 

port 

Display  EtherChannel  port  information. 

port-channel 

Display  port-channel  information. 

protocol 

Display  the  protocol  that  is  being  used  in  the  EtherChannel. 

summary 

Display  a  one-line  summary  per  channel-group. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

User  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


If  you  do  not  specify  a  channel- group ,  all  channel  groups  are  displayed. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 
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show  etherchannel  M 


Examples  This  is  an  example  of  output  from  the  show  etherchannel  1  detail  command: 


Switch>  show  etherchannel  1  detail 

Group  state  =  L2 

Ports:   2       Maxports  =  16 

Port-channels:   1  Max  Port-channels  =  16 

Protocol:  LACP 

Ports  in  the  group: 


Port:  GiO/1 


Port  state         =  Up  Mstr  In-Bndl 

Channel  group  =  1  Mode  =  Active  Gcchange  =  - 

Port-channel     =  Pol  GC       =       -  Pseudo  port-channel  =  Pol 

Port  index        =  0  Load  =  0x00  Protocol  =  LACP 

Flags:     S  -  Device  is  sending  Slow  LACPDUs       F  -  Device  is  sending  fast  LACPDU 
A  -  Device  is  in  active  mode.  P  -  Device  is  in  passive  mode. 

Local  information: 

LACP  port  Admin  Oper  Port  Port 

Port  Flags       State  Priority  Key  Key  Number  State 

GiO/1  SA  bndl  32768  0x0  0x1  0x0  0x3D 

Age  of  the  port  in  the  current  state:   Old : 2 Oh : 06m: 04s 

Port-channels  in  the  group: 


Port-channel:   Pol         (Primary  Aggregator) 


Age  of  the  Port-channel       =  Old : 2 Oh : 2 0m: 2 6s 

Logical  slot/port       =  10/1  Number  of  ports  =  2 

HotStandBy  port  =  null 

Port  state  =  Port-channel  Ag-Inuse 

Protocol  =  LACP 

Ports  in  the  Port-channel: 

Index      Load       Port  EC  state  No  of  bits 

0  00  Gi0/1         Active  0 

0  00  GiO/2         Active  0 

Time  since  last  port  bundled:  Old : 2 Oh : 2 0m : 2 0s  GiO/2 

This  is  an  example  of  output  from  the  show  etherchannel  1  summary  command: 

Switch>  show  etherchannel  1  summary 

Flags:     D  -  down  P  -  in  port-channel 

I  -  stand-alone  s  -  suspended 
H  -  Hot-standby   (LACP  only) 
R  -  Layer3  S  -  Layer2 

u  -  unsuitable  for  bundling 

U  -  in  use  f  -  failed  to  allocate  aggregator 

d  -  default  port 

Number  of  channel -groups  in  use:  1 
Number  of  aggregators:  1 
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Group    Port-channel     Protocol  Ports 

1  Pol(SU)  LACP  GiO/l(P)  GiO/2(P) 

This  is  an  example  of  output  from  the  show  etherchannel  1  port-channel  command: 

Switch>  show  etherchannel  1  port-channel 

Port-channels  in  the  group: 

Port-channel:   Pol         (Primary  Aggregator) 


Age  of  the  Port-channel       =  Old : 2 Oh : 24m: 50s 

Logical  slot/port       =  10/1  Number  of  ports  =  2 

HotStandBy  port  =  null 

Port  state  =  Port-channel  Ag-Inuse 

Protocol  =  LACP 

Ports  in  the  Port-channel: 

Index      Load       Port  EC  state  No  of  bits 


0  00  Gi0/1         Active  0 

0  00  GiO/2         Active  0 

Time  since  last  port  bundled:  Old: 20h: 24m: 44s  GiO/2 

This  is  an  example  of  output  from  the  show  etherchannel  protocol  command: 

Switch#  show  etherchannel  protocol 

Channel-group  listing: 


Group :  1 


Protocol:  LACP 
Group :  2 


Protocol:  PAgP 


Related  Commands      Command  Description 


channel-group 

Assigns  an  Ethernet  port  to  an  EtherChannel  group. 

channel-protocol 

Restricts  the  protocol  used  on  a  port  to  manage  channeling. 

interface  port-channel 

Accesses  or  creates  the  port  channel. 
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show  fallback  profile  US 


show  fallback  profile 


Use  the  show  fallback  profile  privileged  EXEC  command  to  display  the  fallback  profiles  that  are 
configured  on  a  switch. 

show  fallback  profile  [  append  I  begin  I  exclude  I  include  I  {  [redirect  I  tee  ]  url  }  expression  ] 


Syntax  Description 

1  append 

(Optional)  Append  redirected  output  to  a  specified  URL 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

1  redirect 

(Optional)  Copy  output  to  a  specified  URL. 

1  tee 

(Optional)  Copy  output  to  a  specifed  URL. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

url 

Specified  URL  where  output  is  directed. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(35)SE 

This  command  was  introduced. 

Usage  Guidelines 


Use  the  show  fallback  profile  privileged  EXEC  command  to  display  profiles  that  are  configured  on  the 
switch. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  output  from  the  show  fallback  profile  command: 

switch#  show  fall  profile 
Profile  Name:  dotlx-www 


Description 

NONE 

IP  Admission  Rule 

webauth- f al lback 

IP  Access-Group  IN 

default -policy 

Profile  Name:  dotlx-www-lpip 

Description 

NONE 

IP  Admission  Rule 

web-lpip 

IP  Access-Group  IN 

default -policy 

Profile  Name:  profilel 

Description 

NONE 

IP  Admission  Rule 

NONE 

IP  Access-Group  IN 

NONE 
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Related  Commands      Command  Description 


dotlx  fallback 

Configure  a  port  to  use  web  authentication  as  a  fallback  method  for 

clients  that  do  not  support  IEEE  802.  lx  authentication. 

fallback  profile 

Specify  the  fallback  profile  for  clients  that  do  not  support  IEEE  802.  lx 

authentication. 

ip  admission 

Enable  web  authentication  on  a  switch  port 

ip  admission  name  proxy 

Enable  web  authentication  globally  on  a  switch 

http 

show  dotlx  [interface 

Displays  IEEE  802. lx  status  for  the  specified  port. 

interface-id] 
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show  flowcontrol 

Use  the  show  flowcontrol  user  EXEC  command  to  display  the  flow  control  status  and  statistics. 

show  flowcontrol  [interface  interface-id  I  module  number]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 


interface  interface-id 

(Optional)  Display  the  flow  control  status  and  statistics  for  a  specific 

interface. 

module  number 

(Optional)  Display  the  flow  control  status  and  statistics  for  all  interfaces  on  the 

switch.  The  only  valid  module  number  is  1 .  This  option  is  not  available  if  you 

have  entered  a  specific  interface  ID. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

User  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Use  this  command  to  display  the  flow  control  status  and  statistics  on  the  switch  or  for  a  specific  interface. 

Use  the  show  flowcontrol  command  to  display  information  about  all  the  switch  interfaces.  The  output 
from  the  show  flowcontrol  command  is  the  same  as  the  output  from  the  show  flowcontrol  module 

number  command. 

Use  the  show  flowcontrol  interface  interface-id  command  to  display  information  about  a  specific 
interface. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  flowcontrol  command. 


Switch>  show  flowcontrol 

Port  Send  FlowControl     Receive  FlowControl     RxPause  TxPause 

admin        oper  admin  oper 


GiO/1  Unsupp.  Unsupp.  off  off 

GiO/2  desired  off  off  off 

GiO/3  desired  off  off  off 

<output  truncated> 
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This  is  an  example  of  output  from  the  show  flowcontrol  interface  interface-id  command: 

Switch>  show  flowcontrol  gigabitethernetO/2 

Port  Send  Flowcontrol     Receive  Flowcontrol     RxPause  TxPause 

admin        oper  admin  oper 

GiO/2  desired     off  off  off  0  0 


Related  Commands      Command  Description 

flowcontrol  Sets  the  receive  flow-control  state  for  an  interface. 
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show  interfaces 

Use  the  show  interfaces  privileged  EXEC  command  to  display  the  administrative  and  operational  status 
of  all  interfaces  or  a  specified  interface. 

show  interfaces  [interface-id  I  vlan  vlan-id]  [accounting  I  capabilities  [module  number]  I 

counters  I  description  I  etherchannel  I  flowcontrol  I  pruning  I  stats  I  status  [err-disabled]  I 
switchport  [backup  I  module  number]  I  transceiver  [properties  I  detail]  [module  number]  I 
trunk]  [  I  [begin  I  exclude  I  include}  expression] 


Syntax  Description       interface-id  (Optional)  Valid  interfaces  include  physical  ports  (including  type,  module,  and 

port  number)  and  port  channels.  The  port-channel  range  is  1  to  48. 

vlan  vlan-id  (Optional)  VLAN  identification.  The  range  is  1  to  4094. 

accounting  (Optional)  Display  accounting  information  on  the  interface,  including  active 

protocols  and  input  and  output  packets  and  octets. 


Note     The  display  shows  only  packets  processed  in  software;  hardware-switched 
packets  do  not  appear. 


canahilitips 

(Ontional^  Disnlav  thp  ranahilitip's  of  all  intprfarps  or  the  snpcifipd  intprfarp 

including  the  features  and  options  that  you  can  configure  on  the  interface.  Though 

visible  in  the  command  line  help,  this  option  is  not  available  for  VLAN  IDs. 

module  number 

(Optional)  Display  capabilities,  switchport  configuration,  or  transceiver 

characteristics  (depending  on  preceding  keyword)  of  all  interfaces  on  the  switch. 

The  only  valid  module  number  is  1.  This  option  is  not  available  if  you  entered  a 

specific  interface  ID. 

counters 

(Optional)  See  the  show  interfaces  counters  command. 

description 

(Optional)  Display  the  administrative  status  and  description  set  for  an  interface. 

etherchannel 

(Optional)  Display  interface  EtherChannel  information. 

flowcontrol 

(Optional)  Display  interface  flowcontrol  information 

pruning 

(Optional)  Display  interface  trunk  VTP  pruning  information. 

stats 

(Optional)  Display  the  input  and  output  packets  by  switching  path  for  the 

interface. 

status 

(Optional)  Display  the  status  of  the  interface.  A  status  of  unsupported  in  the  Type 

field  means  that  a  non-Cisco  small  form-factor  pluggable  (SFP)  module  is  inserted 

in  the  module  slot. 

err-disabled 

(Optional)  Display  interfaces  in  error-disabled  state. 

switchport 

(Optional)  Display  the  administrative  and  operational  status  of  a  switching  port, 

including  port  blocking  and  port  protection  settings. 

backup 

(Optional)  Display  Flex  Link  backup  interface  configuration  and  status  for  the 

specified  interface  or  all  interfaces  on  the  switch. 

transceiver 

(Optional)  Display  the  physical  properties  of  a  CWDM1  or  DWDM2  small 

[detail  1 

form-factor  (SFP)  module  interface.  The  keywords  have  these  meanings: 

properties] 

•    detail — (Optional)  Display  calibration  properties,  including  high  and  low 

numbers  and  any  alarm  information. 

•    properties — (Optional)  Display  speed  and  duplex  settings  on  an  interface. 
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trunk 

Disnlav  interface  trunk  information  If  von  do  not  snecifv  an  interface  onlv 

J_V  IJL/IU  V     111  ICl  1  LlV^.     L±  LI  1  1  IV    1111  V '  1  lllUllWlli    A.  J.      V  V  /  L4-    V-l  V  /    11U  L    jL'^'^'XJ.y     CI  1  1    lllLwllUVW^  y 

information  for  active  trunking  ports  appears. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

1.  coarse  wavelength-division  multiplexer 

2.  dense  wavelength-division  multiplexer 


X   

Note      Though  visible  in  the  command-line  help  strings,  the  crb,  irb,  mac-accounting,  precedence, 
random-detect,  rate-limit,  and  shape  keywords  are  not  supported. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  show  interfaces  capabilities  command  with  different  keywords  has  these  results: 

•  Use  the  show  interface  capabilities  module  1  to  display  the  capabilities  of  all  interfaces  on  the 
switch.  Entering  any  other  number  is  invalid. 

•  Use  the  show  interfaces  interface-id  capabilities  to  display  the  capabilities  of  the  specified 
interface. 

•  Use  the  show  interfaces  capabilities  (with  no  module  number  or  interface  ID)  to  display  the 
capabilities  of  all  interfaces  on  the  switch. 

•  Use  the  show  interface  switchport  module  1  to  display  the  switch  port  characteristics  of  all 
interfaces  on  the  switch.  Entering  any  other  number  is  invalid. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples  This  is  an  example  of  output  from  the  show  interfaces  command  for  an  interface: 

Switch*  show  interfaces  gigabitethernetO/2 

GigabitEthernetO/2  is  down,    line  protocol  is  down 

Hardware  is  Gigabit  Ethernet,   address  is  0009 . 43a7 . d085    (bia  0 0 09 . 43a7 . d085 ) 
MTU  1500  bytes,    BW  10000  Kbit,    DLY  1000  usee, 

reliability  255/255,   txload  1/255,   rxload  1/255 
Encapsulation  ARPA,    loopback  not  set 
Keepalive  set    (10  sec) 
Auto-duplex,  Auto-speed 

input  flow-control  is  off,   output  flow-control  is  off 

ARP  type:  ARPA,  ARP  Timeout  04:00:00  Last  input  never,  output  never,  output  hang  never 
Last  clearing  of   "show  interface"  counters  never 

Input  queue:   0/75/0/0    { size/max/drops / flushes ) ;   Total  output  drops:  0 
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show  interfaces  IS 


Queueing  strategy:  fifo 
Output  queue    :0/40  (size/max) 

5  minute  input  rate  0  bits/sec,    0  packets/sec 
5  minute  output  rate  0  bits/sec,    0  packets/sec 
2  packets  input,    1040  bytes,    0  no  buffer 
Received  0  broadcasts,    0  runts,    0  giants,  0 


throttles 
0  ignored 


0  input  errors,    0  CRC,    0  frame,    0  overrun 

0  watchdog,    0  multicast,    0  pause  input 

0  input  packets  with  dribble  condition  detected 

4  packets  output,    1040  bytes,    0  underruns 

0  output  errors,    0  collisions,    3  interface  resets 

0  babbles,    0  late  collision,    0  deferred 

0  lost  carrier,    0  no  carrier,    0  PAUSE  output 

0  output  buffer  failures,    0  output  buffers  swapped  out 


This  is  an  example  of  output  from  the  show  interfaces  accounting  command. 


Switch#  show  interfaces  accounting 

Vlanl 

Protocol         Pkts  In       Chars  In 
IP         1094395  131900022 
Spanning  Tree  283896  17033760 

ARP  63738  3825680 

Interface  Vlan2  is  disabled 
Vlan7 

Protocol  Pkts  In  Chars  In 
No  traffic  sent  or  received  on  this  interface. 
Vlan31 

Protocol  Pkts  In  Chars  In 
No  traffic  sent  or  received  on  this  interface. 


Pkts  Out     Chars  Out 
559555  84077157 


42 
231 


2520 
13860 


Pkts  Out     Chars  Out 


Pkts  Out     Chars  Out 


GigabitEthernetO/1 

Protocol         Pkts  In       Chars  In       Pkts  Out     Chars  Out 
No  traffic  sent  or  received  on  this  interface. 
GigabitEthernetO/2 

Protocol         Pkts  In       Chars  In       Pkts  Out     Chars  Out 
No  traffic  sent  or  received  on  this  interface. 

<output  truncated> 

This  is  an  example  of  output  from  the  show  interfaces  capabilities  command  for  an  interface. 

Switch#  show  interfaces  gigabitethernetO/2  capabilities 

GigabitEthernetO/2 

Model:  WS-cgesm-24T-E 


Type : 

Speed: 

Duplex: 

Trunk  encap .   type : 
Trunk  mode : 
Channel : 


10/100/1000BaseTX 
10, 100, 1000, auto 
full , auto 
802 . 1Q, ISL 

on, of f , desirable, nonegotiate 
yes 


Broadcast  suppression:  percentage ( 0-100 ) 


Flowcontrol : 
Fast  Start: 
QoS  scheduling: 
CoS  rewrite: 
ToS  rewrite: 
UDLD: 

Inline  power: 
SPAN: 

PortSecure : 
Dotlx: 


rx- (of f , on, desired) , tx- (none) 
yes 

rx- (not  configurable  on  per  port  basis ), tx- ( 4q2t ) 

yes 

yes 

yes 

no 

source /destination 

yes 

yes 
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This  is  an  example  of  output  from  the  show  interfaces  interface  description  command  when  the 
interface  has  been  described  as  Connects  to  Marketing  by  using  the  description  interface  configuration 
command. 

Switch#  show  interfaces  gigabitethernetO/2  description 

Interface  Status  Protocol  Description 

GiO/2  up  down  Connects  to  Marketing 

This  is  an  example  of  output  from  the  show  interfaces  etherchannel  command  when  port  channels  are 
configured  on  the  switch: 

Switch#  show  interfaces  etherchannel 

Port-channell : 

Age  of  the  Port-channel       =  03d: 20h: 17m: 29s 

Logical  slot/port       =  10/1  Number  of  ports  =  0 

GC  =  0x00000000  HotStandBy  port  =  null 

Port  state  =  Port-channel  Ag-Not-Inuse 


Port-channel2 : 

Age  of  the  Port-channel       =  03d: 20h: 17m: 29s 

Logical  slot/port       =  10/2  Number  of  ports  =  0 

GC  =  0x00000000  HotStandBy  port  =  null 

Port  state  =  Port-channel  Ag-Not-Inuse 

Port-channel3 : 

Age  of  the  Port-channel       =  03d: 20h: 17m: 29s 

Logical  slot/port       =  10/3  Number  of  ports  =  0 

GC  =  0x00000000  HotStandBy  port  =  null 

Port  state  =  Port-channel  Ag-Not-Inuse 


This  is  an  example  of  output  from  the  show  interfaces  interface-id  pruning  command  when  pruning  is 
enabled  in  the  VTP  domain: 

Switch#  show  interfaces  gigibitethernetO/2  pruning 

Port        Vlans  pruned  for  lack  of  request  by  neighbor 
GiO/2  3,4 


Port  Vlans  traffic  requested  of  neighbor 
GiO/2  1-3 


This  is  an  example  of  output  from  the  show  interfaces  stats  command  for  a  specified  VLAN  interface. 

Switch#  show  interfaces  vlan  1  stats 

Switching  path        Pkts  In      Chars  In       Pkts  Out     Chars  Out 

Processor         1165354     136205310  570800  91731594 

Route  cache  0  0  0  0 

Total         1165354     136205310  570800  91731594 


This  is  an  example  of  partial  output  from  the  show  interfaces  status  command.  It  displays  the  status  of 
all  interfaces. 

Switch#  show  interfaces  status 


Port  Name 

Status 

Vlan 

Duplex 

Speed 

Type 

Gi0/1 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

GiO/2 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

GiO/3 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

GiO/4 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

GiO/5 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

GiO/6 

notconnect 

1 

auto 

auto 

10/100/1000BaseTX 

<output  truncated> 
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show  interfaces  U 


This  is  an  example  of  output  from  the  show  interfaces  status  err-disabled  command.  It  displays  the 
status  of  interfaces  in  the  error-disabled  state. 

Switch#  show  interfaces  status  err-disabled 


This  is  an  example  of  output  from  the  show  interfaces  switchport  command  for  a  port.  Table  2-21 
describes  the  fields  in  the  display. 


Note      Private  VLANs  are  not  supported  in  this  release,  so  those  fields  are  not  applicable. 


Switch#  show  interfaces  gigabitethernetO/1  switchport 

Name:  GiO/1 
Switchport:  Enabled 
Administrative  Mode:   dynamic  auto 
Operational  Mode:  static  access 

Administrative  Trunking  Encapsulation:  negotiate 
Operational  Trunking  Encapsulation:  native 
Negotiation  of  Trunking:  On 
Access  Mode  VLAN:   1  (default) 
Trunking  Native  Mode  VLAN :    1  (default) 
Voice  VLAN:  none 

Administrative  private-vlan  host-association: 10    (VLAN0010)    502  (VLAN0502) 

Administrative  private-vlan  mapping:  none 

Administrative  private-vlan  trunk  native  VLAN:  none 

Administrative  private-vlan  trunk  encapsulation:  dotlq 

Administrative  private-vlan  trunk  normal  VLANs:  none 

Administrative  private-vlan  trunk  private  VLANs :  none 

Operational  private-vlan:  none 

Trunking  VLANs  Enabled:  ALL 

Pruning  VLANs  Enabled:  2-1001 

Capture  Mode  Disabled 

Capture  VLANs  Allowed:  ALL 


Protected:  false 

Unknown  unicast  blocked:  disabled 
Unknown  multicast  blocked:  disabled 

Voice  VLAN:  none  (Inactive) 
Appliance  trust:  none 

This  is  an  example  of  out  put  from  the  show  interfaces  switchport  backup  command  when  a  Flex  Link 
interface  goes  down  (LINK_DOWN),  and  VLANs  preferred  on  this  interface  are  moved  to  the  peer 
interface  of  the  Flex  Link  pair.  In  this  example,  if  interface  GiO/6  goes  down,  Gi0/8  carries  all  VLANs 
of  the  Flex  Link  pair. 

Switch#show  interfaces  switchport  backup 

Switch  Backup  Interface  Pairs: 

Active  Interface  Backup  Interface  State 


GigabitEthernetO / 6         GigabitEthernetO / 8        Active  Down/Backup  Up 

Vlans  Preferred  on  Active  Interface:  1-50 

Vlans  Preferred  on  Backup  Interface:   60,  100-120 

This  is  an  example  of  output  from  the  show  interfaces  switchport  backup  command.  In  this  example, 
VLANs  1  to  50,  60,  and  100  to  120  are  configured  on  the  switch: 

Switch (config) #interface  gigabitEthernet  0/6 


Port 
Gi0/2 


Name 


Status  Reason 
err-disabled  dtp-flap 
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Switch (config-if) #switchport  backup  interface  gigabitEthernet  0/8  prefer  vlan  60,100-120 

When  both  interfaces  are  up,  GiO/8  forwards  traffic  for  VLANs  60,  100  to  120,  and  GiO/6  will  forward 
traffic  for  VLANs  1  to  50. 

Switch#show  interfaces  switchport  backup 

Switch  Backup  Interface  Pairs: 

Active  Interface  Backup  Interface  State 


GigabitEthernetO/6         GigabitEthernetO / 8        Active  Up/Backup  Up 

Vlans  on  Interface  Gi  0/6:  1-50 

Vlans  on  Interface  Gi  0/8:   60,  100-120 

When  a  Flex  Link  interface  goes  down  (LINK_DOWN),  VLANs  preferred  on  this  interface  are  moved 
to  the  peer  interface  of  the  Flex  Link  pair.  In  this  example,  if  interface  GiO/6  goes  down,  Gi0/8  carries 
all  VLANs  of  the  Flex  Link  pair. 

Switch#show  interfaces  switchport  backup 

Switch  Backup  Interface  Pairs: 

Active  Interface  Backup  Interface  State 


GigabitEthernetO/ 6         GigabitEthernetO / 8        Active  Down/Backup  Up 
Vlans  on  Interface  Gi  0/6: 

Vlans  on  Interface  Gi  0/8:   1-50,    60,  100-120 

When  a  Flex  Link  interface  comes  up,  VLANs  preferred  on  this  interface  are  blocked  on  the  peer 
interface  and  moved  to  the  forwarding  state  on  the  interface  that  has  just  come  up.  In  this  example,  if 
interface  GiO/6  comes  up,  then  VLANs  preferred  on  this  interface  are  blocked  on  the  peer  interface  Gi0/8 
and  forwarded  on  GiO/6. 

Switch#show  interfaces  switchport  backup 

Switch  Backup  Interface  Pairs : 

Active  Interface  Backup  Interface  State 


GigabitEthernetO/ 6         GigabitEthernetO / 8        Active  Up/Backup  Up 

Vlans  on  Interface  Gi  0/6:  1-50 

Vlans  on  Interface  Gi  0/8:   60,  100-120 


Table  2-21        show  interfaces  switchport  Field  Descriptions 


Field 

Description 

Name 

Displays  the  port  name. 

Switchport 

Displays  the  administrative  and  operational  status  of  the  port. 
In  this  display,  the  port  is  in  switchport  mode. 

Administrative  Mode 

Displays  the  administrative  and  operational  modes. 

Operational  Mode 

Administrative  Trunking 
Encapsulation 

Displays  the  administrative  and  operational  encapsulation 
method  and  whether  trunking  negotiation  is  enabled. 

Operational  Trunking  Encapsulation 

Negotiation  of  Trunking 
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Table  2-21        show  interfaces  switchport  Field  Descriptions  (continued) 


Field 

Description 

Access  Mode  VLAN 

Displays  the  VLAN  ID  to  which  the  port  is  configured. 

Trunking  Native  Mode  VLAN 
Trunking  VLANs  Enabled 
Trunking  VLANs  Active 

Lists  the  VLAN  ID  of  the  trunk  that  is  in  native  mode.  Lists  the 
allowed  VLANs  on  the  trunk.  Lists  the  active  VLANs  on  the 
trunk. 

Pruning  VLANs  Enabled 

Lists  the  VLANs  that  are  pruning-eligible. 

r  roiecieu 

i-'ispidys  wneiner  or  iiol  protected  port  is  eiiaDieu  ^iruej  or 
disabled  (False)  on  the  interface. 

Unknown  unicast  blocked 
Unknown  multicast  blocked 

Displays  whether  or  not  unknown  multicast  and  unknown 
unicast  traffic  is  blocked  on  the  interface. 

Voice  VLAN 

Displays  the  VLAN  ID  on  which  voice  VLAN  is  enabled. 

Appliance  trust 

Displays  the  class  of  service  (CoS)  setting  of  the  data  packets 
of  the  IP  phone. 

This  is  an  example  of  output  from  the  show  interfaces  switchport  backup  command: 

Switch#  show  interfaces  switchport  backup 

Switch  Backup  Interface  Pairs: 

Active  Interface        Backup  Interface  State 

FaO/1                              FaO/2  Active  Up/Backup  Standby 

FaO/3                                FaO/5  Active  Down/Backup  Up 

Pol                                 Po2  Active  Standby/Backup  Up 

This  is  an  example  of  output  from  the  show  interfaces  interface-id  pruning  command: 

Switch#  show  interfaces  gigibitethernetO/2  pruning 

Port        Vlans  pruned  for  lack  of  request  by  neighbor 

This  is  an  example  of  output  from  the  show  interfaces  interface-id  trunk  command.  It  displays  trunking 
information  for  the  port. 

Switch#  show  interfaces  gigabitethernetO/1  trunk 


Port  Mode  Encapsulation     Status  Native  vlan 

GiO/1  auto  negotiate  trunking  1 

Port  Vlans  allowed  on  trunk 

GiO/1  1-4094 

Port  Vlans  allowed  and  active  in  management  domain 

GiO/1  1-4 

Port  Vlans  in  spanning  tree  forwarding  state  and  not  pruned 

Gio/i  i-4This  is  an  example  of  output  from  the  show  interfaces  interface-id  transceiver 


properties  command: 

Switch#  show  interfaces  gigabitethernetO/1  transceiver  properties 

Name   :  GiO/1 

Administrative  Speed:  auto 
Operational  Speed:  auto 
Administrative  Duplex:  auto 
Administrative  Power  Inline:  N/A 
Operational  Duplex:  auto 
Administrative  Auto-MDIX:  off 
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Operational  Auto-MDIX:  off 

This  is  an  example  of  output  from  the  show  interfaces  interface-id  transceiver  detail  command: 

Switch*  show  interfaces  gigabitethernetO/3  transceiver  detail 

ITU  Channel  not  available   (Wavelength  not  available) , 
Transceiver  is  externally  calibrated. 

mA:milliamperes ,   dBm: decibels   (milliwatts),  N/A:not  applicable. 
++:high  alarm,   +:high  warning,    -:low  warning,  : low  alarm. 

A2D  readouts   (if  they  differ) ,   are  reported  in  parentheses. 
The  threshold  values  are  uncalibrated. 


Port 

Temperature 
(Celsius) 

High  Alarm 
Threshold 
(Celsius ) 

High  Warn 
Threshold 
(Celsius ) 

Low  Warn 
Threshold 
(Celsius ) 

Low  Alarm 
Threshold 
(Celsius) 

GiO/3 

41 .  5 

110  .  0 

103  .  0 

-8  .  0 

-12  .  0 

Port 

Voltage 
(Volts) 

High  Alarm 

Threshold 

(Volts) 

High  Warn 
Threshold 
(Volts) 

Low  Warn 

Threshold 

(Volts) 

Low  Alarm 
Threshold 
(Volts) 

GiO/3 

3.20 

4  .  00 

3  .70 

3  .  00 

2  .  95 

Port 

Current 
(milliamperes) 

High  Alarm 
Threshold 
(mA) 

High  Warn 
Threshold 
(mA) 

Low  Warn 

Threshold 

(mA) 

Low  Alarm 
Threshold 
(mA) 

GiO/3 

31.0 

84  .  0 

70  .  0 

4  .  0 

2  .  0 

Port 

Optical 

Transmit  Power 
(dBm) 

High  Alarm 

Threshold 

(dBm) 

High  Warn 
Threshold 
(dBm) 

Low  Warn 

Threshold 

(dBm) 

Low  Alarm 
Threshold 
(dBm) 

GiO/3 

-0.0    (  -0.0) 

-0.0 

-0  .  0 

-0  .  0 

-0  .  0 

Port 

Optical 
Receive  Power 
(dBm) 

High  Alarm 

Threshold 

(dBm) 

High  Warn 
Threshold 
(dBm) 

Low  Warn 

Threshold 

(dBm) 

Low  Alarm 
Threshold 
(dBm) 

GiO/3 

N/A     (   -0.0)  -- 

-0.0 

-0  .  0 

-0  .  0 

-0  .  0 

Related  Commands      Command  Description 


switchport  access 

Configures  a  port  as  a  static-access  or  a  dynamic-access  port. 

switchport  block 

Blocks  unknown  unicast  or  multicast  traffic  on  an  interface. 

switchport  backup  interface 

Configures  Flex  Links,  a  pair  of  Layer  2  interfaces  that  provide  mutual 

backup. 

switchport  mode 

Configures  the  VLAN  membership  mode  of  a  port. 

switchport  protected 

Isolates  unicast,  multicast,  and  broadcast  traffic  at  Layer  2  from  other 

protected  ports  on  the  same  switch. 

switchport  trunk  pruning 

Configures  the  VLAN  pruning-eligible  list  for  ports  in  trunking  mode. 
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show  interfaces  counters 


Use  the  show  interfaces  counters  privileged  EXEC  command  to  display  various  counters  for  the  switch 
or  for  a  specific  interface. 

show  interfaces  [interface-id  I  vlan  vlan-id]  counters  [errors  I  etherchannel  I  protocol  status  I 
trunk]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

interface-id 

(Optional)  ID  of  the  physical  interface,  including  type,  module,  and  port 
number. 

errors 

(Optional)  Display  error  counters. 

etherchannel 

(Optional)  Display  EtherChannel  counters,  including  octets,  broadcast 
packets,  multicast  packets,  and  unicast  packets  received  and  sent. 

protocol  status 

(Optional)  Display  status  of  protocols  enabled  on  interfaces. 

trunk 

(Optional)  Display  trunk  counters. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Note 

Though  visible  in 

the  command-line  help  string,  the  vlan  vlan-id  keyword  is  not  supported. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


If  you  do  not  enter  any  keywords,  all  counters  for  all  interfaces  are  included. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


This  is  an  example  of  partial  output  from  the  show  interfaces  counters  command.  It  displays  all 
counters  for  the  switch. 

Switch#  show  interfaces  counters 

Port                        InOctets       InUcastPkts  InMcastPkts  InBcastPkts 

GiO/1                                   0                          0  0  0 

GiO/2                                      0                            0  0  0 


<output  truncated> 
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This  is  an  example  of  output  from  the  show  interfaces  counters  trunk  command.  It  displays  trunk 
counters  for  all  interfaces. 

Switch#  show  interfaces  counters  trunk 

Port  TrunkFramesTx     TrunkFramesRx  WrongEncap 


GiO/1  0  0  0 

Gi0/2  0  0  0 

GiO/3  80678  4155  0 

Gi0/4  82320  126  0 

Gi0/5  0  0  0 


<output  truncated> 


Related  Commands      Command  Description 

show  interfaces  Displays  additional  interface  characteristics. 
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show  inventory 


show  inventory 


Use  the  show  inventory  user  EXEC  command  to  display  product  identification  (PID)  information  for 
the  hardware. 

show  inventory  [entity-name  I  raw]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

entity-name 

(Optional)  Display  the  specified  entity.  For  example,  enter  the  interface 
(such  as  gigabitethernetO/1)  into  which  a  small  form-factor  pluggable  (SFP) 
module  is  installed. 

raw 

(Optional)  Display  every  entity  in  the  device. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SED 

This  command  was  introduced. 

Usage  Guidelines 


The  command  is  case  sensitive.  With  no  arguments,  the  show  inventory  command  produces  a  compact 
dump  of  all  identifiable  entities  that  have  a  product  identifier.  The  compact  dump  displays  the  entity 
location  (slot  identity),  entity  description,  and  the  unique  device  identifier  (UDI)  (PID,  VID,  and  SN)  of 
that  entity. 


Note 


If  there  is  no  PID,  no  output  appears  when  you  enter  the  show  inventory  command. 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 
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Examples  This  is  example  output  from  the  show  inventory  command: 

switch#  show  inventory 
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show  ip  dhcp  snooping  I 


show  ip  dhcp  snooping 


Use  the  show  ip  dhcp  snooping  user  EXEC  command  to  display  the  DHCP  snooping  configuration, 
show  ip  dhcp  snooping  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  ip  dhcp  snooping  command: 

Switch>  show  ip  dhcp  snooping 

Switch  DHCP  snooping  is  enabled 

DHCP  snooping  is  configured  on  following  VLANs : 
40-42 

Insertion  of  option  82  is  enabled 

circuit-id  format:  vlan-mod-port 

remote-id  format:  string 
Option  82  on  untrusted  port  is  allowed 
Verification  of  hwaddr  field  is  enabled 

Interface  Trusted  Rate  limit  (pps) 


GigabitEthernetO/1 
GigabitEthernetO/2 


yes 
yes 


unlimited 
unlimited 


Related  Commands  Command 


Description 


show  ip  dhcp  snooping  binding      Displays  the  DHCP  snooping  binding  information. 
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show  ip  dhcp  snooping  binding 

Use  the  show  ip  dhcp  snooping  binding  user  EXEC  command  to  display  the  DHCP  snooping  binding 
database  and  configuration  information  for  all  interfaces  on  a  switch. 

show  ip  dhcp  snooping  binding  [ip-address]  [mac-address]  [interface  interface-id]  [vlan  vlan-id] 
[  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description      ip-address  (Optional)  Specify  the  binding  entry  IP  address. 


mac-address 

(Optional)  Specify  the  binding  entry  MAC  address. 

interface  interface-id 

(Optional)  Specify  the  binding  input  interface. 

vlan  vlan-id 

(Optional)  Specify  the  binding  entry  VLAN. 

1  begin 

Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

Display  excludes  lines  that  match  the  expression. 

1  include 

Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  show  ip  dhcp  snooping  binding  command  output  shows  the  dynamically  configured  bindings. 

If  DHCP  snooping  is  enabled  and  an  interface  changes  to  the  down  state,  the  switch  does  not  delete  the 
statically  configured  bindings. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  example  shows  how  to  display  the  DHCP  snooping  binding  entries  for  a  switch: 

Switch>  show  ip  dhcp  snooping  binding 

MacAddress  IpAddress  Lease (sec)     Type  VLAN  Interface 


01:02:03:04:05:06       10.1.2.150  9837  dhcp-snooping     20         GigabitEthernetO / 1 

00:D0:B7:1B:35:DE       10.1.2.151  237  dhcp-snooping     20  GigabitEthernetO/2 

Total  number  of  bindings:  2 

This  example  shows  how  to  display  the  DHCP  snooping  binding  entries  for  a  specific  IP  address: 

Switch>  show  ip  dhcp  snooping  binding  10.1.2.150 

MacAddress  IpAddress  Lease (sec)     Type  VLAN  Interface 


01:02:03:04:05:06       10.1.2.150  9810  dhcp-snooping     20         GigabitEthernetO / 1 

Total  number  of  bindings:  1 
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show  ip  dhcp  snooping  binding  M 


This  example  shows  how  to  display  the  DHCP  snooping  binding  entries  for  a  specific  MAC  address: 

Switch>  show  ip  dhcp  snooping  binding  0102.0304.0506 

MacAddress  IpAddress  Lease (sec)     Type  VLAN  Interface 


01:02:03:04:05:06       10.1.2.150  9788  dhcp-snooping     20  GigabitEthernetO/2 

Total  number  of  bindings:  1 

This  example  shows  how  to  display  the  DHCP  snooping  binding  entries  on  a  port: 

Switch>  show  ip  dhcp  snooping  binding  interface  gigabitethernetO/2 

MacAddress  IpAddress  Lease (sec)     Type  VLAN  Interface 


00 : 30 : 94 :C2 :EF: 35       10.1.2.151  290  dhcp-snooping     20  GigabitEthernetO/2 

Total  number  of  bindings:  1 

This  example  shows  how  to  display  the  DHCP  snooping  binding  entries  on  VLAN  20: 

Switch>  show  ip  dhcp  snooping  binding  vlan  20 

MacAddress  IpAddress  Lease (sec)     Type  VLAN  Interface 

01:02:03:04:05:06       10.1.2.150  9747  dhcp-snooping     20         GigabitEthernetO / 1 

00:00:00:00:00:02       10.1.2.151  65  dhcp-snooping     20  GigabitEthernetO/2 

Total  number  of  bindings:  2 

Table  2-22  describes  the  fields  in  the  show  ip  dhcp  snooping  binding  command  output: 
Table  2-22         show  ip  dhcp  snooping  binding  Command  Output 


Field 

Description 

MacAddress 

Client  hardware  MAC  address 

IpAddress 

Client  IP  address  assigned  from  the  DHCP  server 

Lease(sec) 

Remaining  lease  time  for  the  IP  address 

Type 

Binding  type 

VLAN 

VLAN  number  of  the  client  interface 

Interface 

Interface  that  connects  to  the  DHCP  client  host 

Total  number  of  bindings 

Total  number  of  bindings  configured  on  the  switch 

Note     The  command  output  might  not  show  the  total  number  of 

bindings.  For  example,  if  200  bindings  are  configured  on  the 
switch  and  you  stop  the  display  before  all  the  bindings  appear,  the 
total  number  does  not  change. 

Related  Commands      Command  Description 

show  ip  dhcp  snooping  Displays  the  DHCP  snooping  configuration. 
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show  ip  dhcp  snooping  statistics 


Syntax  Description 


Use  the  show  ip  dhcp  snooping  statistics  user  EXEC  command  to  display  DHCP  snooping  statistics  in 
summary  or  detail  form. 

show  ip  dhcp  snooping  statistics  [detail]  [  I  {hegin  I  exclude  I  include}  expression] 


detail  (Optional)  Display  detailed  statistics  information. 

I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 


exclude 


Command  Modes        User  EXEC 


(Optional)  Display  excludes  lines  that  match  the  expression. 


I  include  (Optional)  Display  includes  lines  that  match  the  specified  expression, 
expression       Expression  in  the  output  to  use  as  a  reference  point. 


Command  History  Release 

12.2(37)SE 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 

In  a  switch  stack,  all  statistics  are  generated  on  the  stack  master.  If  a  new  stack  master  is  elected,  the 
statistics  counters  reset. 


Examples 


This  is  an  example  of  output  from  the  show  ip  dhcp  snooping  statistics  command: 


Switch>  show  ip  dhcp  snooping  statistics 

Packets  Forwarded 
Packets  Dropped 

Packets  Dropped  From  untrusted  ports 


=  0 
=  0 
=  0 


This  is  an  example  of  output  from  the  show  ip  dhcp  snooping  statistics  detail  command: 


Switch>  show  ip  dhcp  snooping  statistics  detail 

Packets  Processed  by  DHCP  Snooping 
Packets  Dropped  Because 

IDB  not  known 

Queue  full 

Interface  is  in  errdisabled 
Rate  limit  exceeded 
Received  on  untrusted  ports 
Nonzero  giaddr 

Source  mac  not  equal  to  chaddr 

Binding  mismatch 

Insertion  of  opt82  fail 

Interface  Down 

Unknown  output  interface 

Reply  output  port  equal  to  input  port 

Packet  denied  by  platform 


=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 

=  0 
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Table  2-23  shows  the  DHCP  snooping  statistics  and  their  descriptions: 
Table  2-23        DHCP  Snooping  Statistics 


DHCP  Snooping  Statistic 

Description 

Packets  Processed  by  DHCP  Snooping 

Total  number  of  packets  handled  by  DHCP 
snooping,  including  forwarded  and  dropped 
packets. 

Packets  Dropped  Because  IDB  not  known 

Number  of  errors  when  the  input  interface  of  the 
packet  cannot  be  determined. 

Queue  full 

Number  of  errors  when  an  internal  queue  used  to 
process  the  packets  is  full.  This  might  happen  if 
DHCP  packets  are  received  at  an  excessively  high 
rate  and  rate  limiting  is  not  enabled  on  the  ingress 
ports. 

Interface  is  in  errdisabled 

Number  of  times  a  packet  was  received  on  a  port 
that  has  been  marked  as  error  disabled.  This  might 
happen  if  packets  are  in  the  processing  queue 
when  a  port  is  put  into  the  error-disabled  state  and 
those  packets  are  subsequently  processed. 

Rate  limit  exceeded 

Number  of  times  the  rate  limit  configured  on  the 
port  was  exceeded  and  the  interface  was  put  into 
the  error-disabled  state. 

Received  on  untrusted  ports 

Number  of  times  a  DHCP  server  packet  (OFFER, 
ACK,  NAK,  or  LEASEQUERY)  was  received  on 
an  untrusted  port  and  was  dropped. 

Nonzero  giaddr 

Number  of  times  the  relay  agent  address  field 
(giaddr)  in  the  DHCP  packet  received  on  an 
untrusted  port  was  not  zero,  or  the  no  ip  dhcp 
snooping  information  option  allow-untrusted 

global  configuration  command  is  not  configured 
and  a  packet  received  on  an  untrusted  port 
contained  option-82  data. 

Source  mac  not  equal  to  chaddr 

Number  of  times  the  client  MAC  address  field  of 
the  DHCP  packet  (chaddr)  does  not  match  the 
packet  source  MAC  address  and  the  ip  dhcp 
snooping  verify  mac-address  global 
configuration  command  is  configured. 

Binding  mismatch 

Number  of  times  a  RELEASE  or  DECLINE 
packet  was  received  on  a  port  that  is  different  than 
the  port  in  the  binding  for  that  MAC 
address- VLAN  pair.  This  indicates  someone 
might  be  trying  to  spoof  the  real  client,  or  it  could 
mean  that  the  client  has  moved  to  another  port  on 
the  switch  and  issued  a  RELEASE  or  DECLINE. 
The  MAC  address  is  taken  from  the  chaddr  field 
of  the  DHCP  packet,  not  the  source  MAC  address 
in  the  Ethernet  header. 
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Table  2-23         DHCP  Snooping  Statistics 


DHCP  Snooping  Statistic 

Description 

Insertion  of  opt82  fail 

Number  of  times  the  option-82  insertion  into  a 
packet  failed.  The  insertion  might  fail  if  the 
packet  with  the  option-82  data  exceeds  the  size  of 
a  single  physical  packet  on  the  internet. 

Interface  Down 

Number  of  times  the  packet  is  a  reply  to  the 
DHCP  relay  agent,  but  the  SVI  interface  for  the 
relay  agent  is  down.  This  is  an  unlikely  error  that 
occurs  if  the  SVI  goes  down  between  sending  the 
client  request  to  the  DHCP  server  and  receiving 
the  response. 

Unknown  output  interface 

Number  of  times  the  output  interface  for  a  DHCP 
reply  packet  cannot  be  determined  by  either 
option-82  data  or  a  lookup  in  the  MAC  address 
table.  The  packet  is  dropped.  This  can  happen  if 
option  82  is  not  used  and  the  client  MAC  address 
has  aged  out.  If  IPSG  is  enabled  with  the 
port-security  option  and  option  82  is  not  enabled, 
the  MAC  address  of  the  client  is  not  learned,  and 
the  reply  packets  will  be  dropped. 

Reply  output  port  equal  to  input  port 

Number  of  times  the  output  port  for  a  DHCP  reply 
packet  is  the  same  as  the  input  port,  causing  a 
possible  loop.  Indicates  a  possible  network 
misconfiguration  or  misuse  of  trust  settings  on 
ports. 

Packet  denied  by  platform 

Number  of  times  the  packet  has  been  denied  by  a 
platform-specific  registry. 

Related  Commands      Command  Description 

clear  ip  dhcp  snooping  Clears  the  DHCP  snooping  binding  database,  the  DHCP 

snooping  binding  database  agent  statistics,  or  the  DHCP 
snooping  statistics  counters. 
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show  ip  igmp  profile 


Use  the  show  ip  igmp  profile  privileged  EXEC  command  to  display  all  configured  Internet  Group 
Management  Protocol  (IGMP)  profiles  or  a  specified  IGMP  profile. 

show  ip  igmp  profile  [profile  number]  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 

profile  number 

(Optional)  The  IGMP  profile  number  to  be  displayed.  The  range  is  1  to 

4294967295.  If  no  profile  number  is  entered,  all  IGMP  profiles  are  displayed. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
are  not  displayed,  but  the  lines  that  contain  Output  are  displayed. 


Examples 


These  are  examples  of  output  from  the  show  ip  igmp  profile  privileged  EXEC  command,  with  and 
without  specifying  a  profile  number.  If  no  profile  number  is  entered,  the  display  includes  all  profiles 
configured  on  the  switch. 


Switch#  show  ip  igmp  profile  40 

IGMP  Profile  40 
permit 

range  233.1.1.1  233.255.255.255 

Switch#  show  ip  igmp  profile 

IGMP  Profile  3 

range  230.9.9.0  230.9.9.0 
IGMP  Profile  4 

permit 

range  229.9.9.0  229.255.255.255 


Related  Commands  Command 


Description 


ip  igmp  profile 


Configures  the  specified  IGMP  profile  number. 
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show  ip  igmp  snooping 


Use  the  show  ip  igmp  snooping  user  EXEC  command  to  display  the  Internet  Group  Management 
Protocol  (IGMP)  snooping  configuration  of  the  switch  or  the  VLAN. 

show  ip  igmp  snooping  [groups  I  mrouter  I  querier]  [vlan  vlan-id]  [  I  {begin  I  exclude  I  include) 

expression] 


Syntax  Description 

groups 

(Optional)  See  the  show  ip  igmp  snooping  groups  command. 

mrouter 

(Optional)  See  the  show  ip  igmp  snooping  mrouter  command. 

querier 

(Optional)  See  the  show  ip  igmp  snooping  querier  command. 

vlan  vlan-id 

(Optional)  Specify  a  VLAN;  the  range  is  1  to  1001  and  1006  to  4094  (available 

only  in  privileged  EXEC  mode). 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Use  this  command  to  display  snooping  configuration  for  the  switch  or  for  a  specific  VLAN. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  ip  igmp  snooping  vlan  1  command.  It  shows  snooping 
characteristics  for  a  specific  VLAN. 

Switch*  show  ip  igmp  snooping  vlan  1 

Global  IGMP  Snooping  configuration: 


IGMP  snooping 

IGMPv3  snooping  (minimal) 

Report  suppression 

TCN  solicit  query 

TCN  flood  query  count 


Enabled 

Enabled 

Enabled 

Disabled 

2 


Vlan  1: 


IGMP  snooping 


Enabled 
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show  ip  igmp  snooping  M 


IGMPv2  immediate  leave 

Explicit  host  tracking 

Multicast  router  learning  mode 

CGMP  interoperability  mode 

Global  IGMP  Snooping  configuration: 


Disabled 
Enabled 
pim-dvmrp 
IGMP_ONLY 


IGMP  snooping 

IGMPv3  snooping  (minimal) 

Report  suppression 

TCN  solicit  query 

TCN  flood  query  count 

Last  Member  Query  Interval 


Enabled 

Enabled 

Enabled 

Disabled 

2 

1000 


Vlan  1: 


IGMP  snooping 
IGMPv2  immediate  leave 
Explicit  host  tracking 
Multicast  router  learning  mode 
Last  Member  Query  Interval 
CGMP  interoperability  mode 


Enabled 

Disabled 

Enabled 

pim-dvmrp 

1000 

IGMP_ONLY 


This  is  an  example  of  output  from  the  show  ip  igmp  snooping  command.  It  displays  snooping 
characteristics  for  all  VLANs  on  the  switch. 

Switch#  show  ip  igmp  snooping 

Global  IGMP  Snooping  configuration: 


IGMP  snooping 

IGMPv3  snooping  (minimal) 

Report  suppression 

TCN  solicit  query 

TCN  flood  query  count 


Enabled 

Enabled 

Enabled 

Disabled 

2 


Vlan  1: 


IGMP  snooping 
IGMPv2  immediate  leave 
Explicit  host  tracking 
Multicast  router  learning  mode 
CGMP  interoperability  mode 


Enabled 

Disabled 

Enabled 

pim-dvmrp 

IGMP_ONLY 


Vlan  2 : 


IGMP  snooping 
IGMPv2  immediate  leave 
Explicit  host  tracking 
Multicast  router  learning  mode 
CGMP  interoperability  mode 


Enabled 

Disabled 

Enabled 

pim-dvmrp 

IGMP_ONLY 


Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping 

Enables  the  IGMP  snooping  configurable-leave  timer. 

last-member-query-interval 

ip  igmp  snooping  querier 

Enables  the  IGMP  querier  function  in  Layer  2  networks. 

ip  igmp  snooping  report-suppression 

Enables  IGMP  report  suppression. 
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Command 

Description 

ip  igmp  snooping  ten 

Configures  the  IGMP  topology  change  notification 

behavior. 

ip  igmp  snooping  ten  flood 

Specifies  multicast  flooding  as  the  IGMP  spanning-tree 

topology  change  notification  behavior. 

ip  igmp  snooping  vlan 

Enables  IGMP  snooping  immediate-leave  processing  on  a 

immediate-leave 

VLAN. 

ip  igmp  snooping  vlan  mrouter 

Adds  a  multicast  router  port  or  configures  the  multicast 

learning  method. 

ip  igmp  snooping  vlan  static 

Statically  adds  a  Layer  2  port  as  a  member  of  a  multicast 

group. 

show  ip  igmp  snooping  groups 

Displays  the  IGMP  snooping  multicast  table  for  the  switch. 

show  ip  igmp  snooping  mrouter 

Displays  IGMP  snooping  multicast  router  ports  for  the 

switch  or  for  the  specified  multicast  VLAN. 

show  ip  igmp  snooping  querier 

Displays  the  configuration  and  operation  information  for 

the  IGMP  querier  configured  on  a  switch. 
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show  ip  igmp  snooping  groups  I 


show  ip  igmp  snooping  groups 


Use  the  show  ip  igmp  snooping  groups  privileged  EXEC  command  to  display  the  Internet  Group 
Management  Protocol  (IGMP)  snooping  multicast  table  for  the  switch  or  the  multicast  information.  Use 
with  the  vlan  keyword  to  display  the  multicast  table  for  a  specified  multicast  VLAN  or  specific  multicast 
information. 

show  ip  igmp  snooping  groups  [count  I  dynamic  [count]  I  user  [count]]  [  I  {begin  I  exclude  I 
include}  expression] 

show  ip  igmp  snooping  groups  vlan  vlan-id  [ip_address  I  count  I  dynamic  [count]  I  user  [count]] 
[  I  {begin  I  exclude  I  include]  expression] 


Syntax  Description 


count 

(Optional)  Display  the  total  number  of  entries  for  the  specified  command 

options  instead  of  the  actual  entries. 

dynamic 

(Optional)  Display  entries  learned  by  IGMP  snooping. 

user 

Optional)  Display  only  the  user-configured  multicast  entries. 

ip_address 

(Optional)  Display  characteristics  of  the  multicast  group  with  the  specified  group 

IP  address. 

vlan  vlan-id 

(Optional)  Specify  a  VLAN;  the  range  is  1  to  1001  and  1006  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  this  command  to  display  multicast  information  or  the  multicast  table. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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Examples  This  is  an  example  of  output  from  the  show  ip  igmp  snooping  groups  command  without  any  keywords. 

It  displays  the  multicast  table  for  the  switch. 

Switch#  show  ip  igmp  snooping  groups 

Vlan  Group  Type  Version  Port  List 


120  232.3.4.7  igmp  v3  GiO/1921,  GiO/202 

120  232.5.9.30  igmp  v3  GiO/1921,  GiO/202 

This  is  an  example  of  output  from  the  show  ip  igmp  snooping  groups  count  command.  It  displays  the 
total  number  of  multicast  groups  on  the  switch. 

Switch#  show  ip  igmp  snooping  groups  count 

Total  number  of  multicast  groups:  2 

This  is  an  example  of  output  from  the  show  ip  igmp  snooping  groups  dynamic  command.  It  shows 
only  the  entries  learned  by  IGMP  snooping. 

Switch)!  show  ip  igmp  snooping  groups  vlan  1  dynamic 

Vlan  Group  Type  Version  Port  List 


104  224.1.4.2  igmp  v2  Gi0/21,  Gi0/22 

104  224.1.4.3  igmp  v2  Gi0/21,  Gi0/22 

This  is  an  example  of  output  from  the  show  ip  igmp  snooping  groups  vlan  vlan-id  ip-address 
command.  It  shows  the  entries  for  the  group  with  the  specified  IP  address. 

Switch!!  show  ip  igmp  snooping  groups  vlan  104  224.1.4.2 

Vlan  Group  Type  Version  Port  List 


104  224.1.4.2  igmp  v2  Gi0/1,  Fal/0/15 

104  224.1.4.2  igmp  v2  Gi0/21 


Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  vlan  mrouter 

Configures  a  multicast  router  port. 

ip  igmp  snooping  vlan  static 

Statically  adds  a  Layer  2  port  as  a  member  of  a  multicast  group. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration  of  the  switch  or  the 

VLAN. 

show  ip  igmp  snooping  mrouter 

Displays  IGMP  snooping  multicast  router  ports  for  the  switch  or 

for  the  specified  multicast  VLAN. 
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show  ip  igmp  snooping  mrouter  HI 


show  ip  igmp  snooping  mrouter 

Use  the  show  ip  igmp  snooping  mrouter  privileged  EXEC  command  to  display  the  Internet  Group 
Management  Protocol  (IGMP)  snooping  dynamically  learned  and  manually  configured  multicast  router 
ports  for  the  switch  or  for  the  specified  multicast  VLAN. 

show  ip  igmp  snooping  mrouter  [vlan  vlan-id]  [  I  {begin  I  exclude  I  include)  expression] 


Syntax  Description      vlan  vlan-id  (Optional)  Specify  a  VLAN;  the  range  is  1  to  1001  and  1006  to  4094. 


1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Use  this  command  to  display  multicast  router  ports  on  the  switch  or  for  a  specific  VLAN. 

VLAN  IDs  1002  to  1005  are  reserved  for  Token  Ring  and  FDDI  VLANs  and  cannot  be  used  in  IGMP 
snooping. 

When  multicast  VLAN  registration  (MVR)  is  enabled,  the  show  ip  igmp  snooping  mrouter  command 
displays  MVR  multicast  router  information  and  IGMP  snooping  information. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  ip  igmp  snooping  mrouter  command.  It  shows  how  to 

display  multicast  router  ports  on  the  switch. 

Switch#  show  ip  igmp  snooping  mrouter 

Vlan  ports 

1         Gi0/1 (dynamic) 
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Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  vlan  mrouter 

Adds  a  multicast  router  port. 

ip  igmp  snooping  vlan  static 

Statically  adds  a  Layer  2  port  as  a  member  of  a  multicast  group. 

show  ip  igmp  snooping 

Displays  the  IGMP  snooping  configuration  of  the  switch  or  the 

VLAN 

show  ip  igmp  snooping  groups 

Displays  IGMP  snooping  multicast  information  for  the  switch  or 

for  the  specified  parameter. 
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show  ip  igmp  snooping  querier  I 


show  ip  igmp  snooping  querier 


Use  the  show  ip  igmp  snooping  querier  detail  user  EXEC  command  to  display  the  configuration  and 
operation  information  for  the  IGMP  querier  configured  on  a  switch. 

show  ip  igmp  snooping  querier  [detail  I  vlan  vlan-id  [detail]]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 

detail 

Optional)  Display  detailed  IGMP  querier  information. 

vlan  vlan-id  [detail] 

Optional)  Display  IGMP  querier  information  for  the  specified  VLAN.  The 

range  is  1  to  1001  and  1006  to  4094.  Use  the  detail  keyword  to  display 

detailed  information. 

Command  Modes 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SED 

This  command  was  introduced. 

Usage  Guidelines 


Use  the  show  ip  igmp  snooping  querier  command  to  display  the  IGMP  version  and  the  IP  address  of  a 
detected  device,  also  called  a  querier,  that  sends  IGMP  query  messages.  A  subnet  can  have  multiple 
multicast  routers  but  has  only  one  IGMP  querier.  In  a  subnet  running  IGMPv2,  one  of  the  multicast 
routers  is  elected  as  the  querier.  The  querier  can  be  a  Layer  3  switch. 

The  show  ip  igmp  snooping  querier  command  output  also  shows  the  VLAN  and  the  interface  on  which 
the  querier  was  detected.  If  the  querier  is  the  switch,  the  output  shows  the  Port  field  as  Router.  If  the 
querier  is  a  router,  the  output  shows  the  port  number  on  which  the  querier  is  learned  in  the  Port  field. 

The  show  ip  igmp  snooping  querier  detail  user  EXEC  command  is  similar  to  the  show  ip  igmp 
snooping  querier  command.  However,  the  show  ip  igmp  snooping  querier  command  displays  only  the 
device  IP  address  most  recently  detected  by  the  switch  querier. 

The  show  ip  igmp  snooping  querier  detail  command  displays  the  device  IP  address  most  recently 
detected  by  the  switch  querier  and  this  additional  information: 

•  The  elected  IGMP  querier  in  the  VLAN 

•  The  configuration  and  operational  information  pertaining  to  the  switch  querier  (if  any)  that  is 
configured  in  the  VLAN 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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Examples 


This  is  an  example  of  output  from  the  show  ip  igmp  snooping  querier  command: 


Switch>  show  ip  igmp  snooping  querier 

Vlan  IP  Address  IGMP  Version 


120 
129 


130 . 1.1.1 
172.20.129.1 


v3 
v2 


Gi0/10 
GiO/14 


This  is  an  example  of  output  from  the  show  ip  igmp  snooping  querier  detail  command: 

Switch>  show  ip  igmp  snooping  querier  detail 


Vlan  IP  Address 

1  1.1.1.1 


IGMP  Version  Port 
v2  Fa0/1 


Global  IGMP  switch  querier  status 


admin  state 
admin  version 
source  IP  address 
query- interval  (sec) 
max-response-time  (sec) 
querier-timeout  (sec) 
ten  query  count 
ten  query  interval  (sec) 


Enabled 
2 

0.0.0.0 

60 
10 
120 
2 

10 


Vlan  1:       IGMP  switch  querier  status 


elected  querier  is  1.1.1.1 


on  port  Gi0/1 


admin  state 
admin  version 
source  IP  address 
query- interval  (sec) 
max-response-time  (sec) 
querier-timeout  (sec) 
ten  query  count 
ten  query  interval  (sec) 
operational  state 
operational  version 
ten  query  pending  count 


Enabled 

2 

10 . 1 . 1 . 65 

60 
10 
120 
2 

10 

Non-Querier 

2 

0 


Related  Commands      Command  Description 


ip  igmp  snooping 

Enables  IGMP  snooping  on  the  switch  or  on  a  VLAN. 

ip  igmp  snooping  querier 

Enables  the  IGMP  querier  function  in  Layer  2  networks. 

show  ip  igmp  snooping 

Displays  IGMP  snooping  multicast  router  ports  for  the  switch  or 
for  the  specified  multicast  VLAN. 
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show  lacp  I 


show  lacp 


Use  the  show  lacp  user  EXEC  command  to  display  Link  Aggregation  Control  Protocol  (LACP) 
channel-group  information. 

show  lacp  [channel-group-number]  {counters  I  internal  I  neighbor  I  sys-id}  [  I  {begin  I  exclude  I 

include)  expression] 


Syntax  Description 

channel-group-number 

(Optional)  Number  of  the  channel  group.  The  range  is  1  to  48. 

counters 

Display  traffic  information. 

internal 

Display  internal  information. 

neighbor 

Display  neighbor  information. 

sys-id 

Display  the  system  identifier  that  is  being  used  by  LACP.  The  system 
identifier  is  made  up  of  the  LACP  system  priority  and  the  switch  MAC 
address. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  can  enter  any  show  lacp  command  to  display  the  active  channel-group  information.  To  display 
specific  channel  information,  enter  the  show  lacp  command  with  a  channel-group  number. 

If  you  do  not  specify  a  channel  group,  information  for  all  channel  groups  appears. 

You  can  enter  the  channel-group-number  option  to  specify  a  channel  group  for  all  keywords  except 
sys-id. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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Examples  This  is  an  example  of  output  from  the  show  lacp  counters  user  EXEC  command.  Table  2-24  describes 

the  fields  in  the  display. 

Switch>  show  lacp  counters 

LACPDUs  Marker  Marker  Response  LACPDUs 

Port  Sent       Recv  Sent       Recv  Sent       Recv  Pkts  Err 


Channel  group : 1 

GiO/11  19  10  0  0  0  0  0 

Gi0/12  14  6  0  0  0  0  0 


Table  2-24         show  lacp  counters  Field  Descriptions 


Field 

Description 

LACPDUs  Sent  and  Recv 

The  number  of  LACP  packets  sent  and  received  by  a  port. 

Marker  Sent  and  Recv 

The  number  of  LACP  marker  packets  sent  and  received  by  a  port. 

Marker  Response  Sent  and  Recv 

The  number  of  LACP  marker  response  packets  sent  and  received 
by  a  port. 

LACPDUs  Pkts  and  En- 

The  number  of  unknown  and  illegal  packets  received  by  LACP 
for  a  port. 

This  is  an  example  of  output  from  the  show  lacp  internal  command: 

Switch>  show  lacp  1  internal 

Flags:     S  -  Device  is  requesting  Slow  LACPDUs 
F  -  Device  is  requesting  Fast  LACPDUs 

A  -  Device  is  in  Active  mode  P  -  Device  is  in  Passive  mode 


Channel  group  1 

LACP  port  Admin  Oper  Port  Port 

Port                Flags       State           Priority  Key  Key  Number  State 

Gi0/ll               SA             bndl             32768                    0x3  0x3  0x4  0x3D 

Gi0/12                SA             bndl             32768                    0x3  0x3  0x5  0x3D 
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show  lacp  I 


Table  2-25  describes  the  fields  in  the  display: 


Table  2-25        show  lacp  internal  Field  Descriptions 


Field 

Description 

State 

State  of  the  specific  port.  These  are  the  allowed  values: 
•  Port  is  in  an  unknown  state. 

•  bndl — Port  is  attached  to  an  aggregator  and  bundled  with 
other  ports. 

•  susp — Port  is  in  a  suspended  state;  it  is  not  attached  to  any 
aggregator. 

•  hnt.cn v      Port"  ic  in  a  not-ctiinri r\\f  ctiitp 
iiui  isuy  run  is  111  a  iiul  aiaiiuuy  mjil, 

•  indiv — Port  is  incapable  of  bundling  with  any  other  port. 

•  indep — Port  is  in  an  independent  state  (not  bundled  but  able 
to  switch  data  traffic.  In  this  case,  LACP  is  not  running  on 
the  partner  port). 

•  down — Port  is  down. 

LACP  Port  Priority 

Port  priority  setting.  LACP  uses  the  port  priority  to  put  ports  s 
in  standby  mode  when  there  is  a  hardware  limitation  that 
prevents  all  compatible  ports  from  aggregating. 

Admin  Key 

Administrative  key  assigned  to  this  port.  LACP  automatically 
generates  an  administrative  key  value  as  a  hexadecimal  number. 
The  administrative  key  defines  the  ability  of  a  port  to  aggregate 
with  other  ports.  A  port's  ability  to  aggregate  with  other  ports  is 
determined  by  the  port  physical  characteristics  (for  example, 
data  rate  and  duplex  capability)  and  configuration  restrictions 
that  you  establish. 

Oper  Key 

Runtime  operational  key  that  is  being  used  by  this  port.  LACP 
automatically  generates  this  value  as  a  hexadecimal  number. 

Port  Number 

Port  number. 

Port  State 

State  variables  for  the  port,  encoded  as  individual  bits  within  a 
single  octet  with  these  meanings: 

•  bitO:  LACP_ Activity 

•  bitl:  LACP_Timeout 

•  bit2:  Aggregation 

•  bit3:  Synchronization 

•  bit4:  Collecting 

•  bit5:  Distributing 

•  bit6:  Defaulted 

•  bit7:  Expired 

Note     In  the  list  above,  bit7  is  the  MSB  and  bitO  is  the  LSB. 
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This  is  an  example  of  output  from  the  show  lacp  neighbor  command: 


Switch>  show  lacp  neighbor 

Flags:      S  -  Device  is  sending  Slow  LACPDUs  F 
A  -  Device  is  in  Active  mode  P 


Device  is  sending  Fast  LACPDUs 
Device  is  in  Passive  mode 


Channel  group  3  neighbors 
Partner's  information: 


Partner  Partner 
Port  System  ID  Port  Number  Age 

GiO/11         32768, 0007. eb49.5e80     OxC  19s 


Partner 

Flags 

SP 


LACP  Partner 
Port  Priority 
32768 


Partner 
Oper  Key 
0x3 


Partner 
Port  State 
0x3C 


Partner's  information: 


Port 
GiO/12 


Partner 
System  ID 


Partner 
Port  Number 


32768, 0007. eb49.5e80  OxD 


Age 
15s 


Partner 

Flags 

SP 


LACP  Partner 
Port  Priority 
32768 


Partner 
Oper  Key 
0x3 


Partner 
Port  State 
0x3C 


This  is  an  example  of  output  from  the  show  lacp  sys-id  command: 

Switch>  show  lacp  sys-id 

32765, 0002. 4b29.3a00 


The  system  identification  is  made  up  of  the  system  priority  and  the  system  MAC  address.  The  first  two 
bytes  are  the  system  priority,  and  the  last  six  bytes  are  the  globally  administered  individual  MAC  address 
associated  to  the  system. 


Related  Commands      Command  Description 


clear  ip  dhcp  snooping 

Clears  the  LACP  channel-group  information. 

lacp  port-priority 

Configures  the  LACP  port  priority. 

lacp  system-priority 

Configures  the  LACP  system  priority. 
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show  link  state  group 

Use  the  show  link  state  group  global  configuration  command  to  display  the  link-state  group 
information. 

show  link  state  group  [number]  [detail] 


Syntax  Description      number  (Optional)  Number  of  the  link-state  group. 

detail  (Optional)  Specify  that  detailed  information  appears. 


Defaults  There  is  no  default. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced. 


Usage  Guidelines       Use  the  show  link  state  group  command  to  display  the  link-state  group  information.  Enter  this 

command  without  keywords  to  display  information  about  all  link-state  groups.  Enter  the  group  number 
to  display  information  specific  to  the  group. 

Enter  the  detail  keyword  to  display  detailed  information  about  the  group.  The  output  for  the  show  link 
state  group  detail  command  displays  only  those  link-state  groups  that  have  link-state  tracking  enabled 
or  that  have  upstream  or  downstream  interfaces  (or  both)  configured.  If  there  is  no  link-state  group 
configuration  for  a  group,  it  is  not  shown  as  enabled  or  disabled. 


Examples  This  is  an  example  of  output  from  the  show  link  state  group  1  command: 

Switch>  show  link  state  group  1 

Link  State  Group:   1  Status:   Enabled,  Up 

This  is  an  example  of  output  from  the  show  link  state  group  detail  command: 

Switch>  show  link  state  group  detail 

Link  State  Group:   1  Status:   Enabled,  Up 

Upstream  Interfaces       :   Pol (Up) 

Downstream  Interfaces   :   GiO/3 (Up)  GiO/4(Up) 

Link  State  Group:   2  Status:   Disabled,  Down 

Upstream  Interfaces  : 
Downstream  Interfaces  : 

(Up) : Interface  up       (Dwn) : Interface  Down       (Dis ): Interface  disabled 
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Related  Commands      Command  Description 


link  state  group 

Configures  an  interface  as  a  member  of  a  link-state  group. 

link  state  track 

Enables  a  link-state  group. 

show  running-config 

Displays  the  current  operating  configuration.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference 

for  Release  12.2  >  Cisco  IOS  File  Management  Commands  > 

Configuration  File  Commands. 
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show  mac  access-group  I 


show  mac  access-group 


Use  the  show  mac  access-group  user  EXEC  command  to  display  the  MAC  access  control  lists  (ACLs) 
configured  for  an  interface  or  a  switch. 

show  mac  access-group  [interface  interface-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

interface  interface-id 

(Optional)  Display  the  MAC  ACLs  configured  on  a  specific  interface.  Valid 
interfaces  are  physical  ports  and  port  channels;  the  port-channel  range  is  1 
to  48  (available  only  in  privileged  EXEC  mode). 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac-access  group  user  EXEC  command.  In  this  display, 
port  2  has  the  MAC  access  list  macl_el  applied;  no  MAC  ACLs  are  applied  to  other  interfaces. 

Switch>  show  mac  access-group 

Interface  GigabitEthernetO/1 : 

Inbound  access-list  is  not  set 
Interface  GigabitEthernetO/2 : 

Inbound  access-list  is  macl_el 
Interface  GigabitEthernetO/3 : 

Inbound  access-list  is  not  set 
Interface  GigabitEthernetO/4 : 

Inbound  access-list  is  not  set 

<output  truncated> 

This  is  an  example  of  output  from  the  show  mac  access-group  interface  gigabitethernetO/1  command: 

Switch#  show  mac  access-group  interface  gigabitethernetO/1 

Interface  GigabitEthernetO / 1 : 

Inbound  access-list  is  macl_el 
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M     show  mac  access-group 


Related  Commands      Command  Description 

mac  access-group  Applies  a  MAC  access  group  to  an  interface. 
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show  mac  address-table  M 


show  mac  address-table 

Use  the  show  mac  address-table  user  EXEC  command  to  display  a  specific  MAC  address  table  static 
and  dynamic  entry  or  the  MAC  address  table  static  and  dynamic  entries  on  a  specific  interface  or  VLAN. 

show  mac  address-table  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description       I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 


1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  mac  address-table  command: 

Switch>  show  mac  address-table 

Mac  Address  Table 


Vlan 

Mac  Address 

Type 

Ports 

All 

0000 

.0000. 

.0001 

STATIC 

CPU 

All 

0000 

.  0000 

.  0002 

STATIC 

CPU 

All 

0000 

.0000. 

.0003 

STATIC 

CPU 

All 

0000 

.0000 

.0009 

STATIC 

CPU 

All 

0000 

.0000. 

.  0012 

STATIC 

CPU 

All 

0180 

.c200. 

,000b 

STATIC 

CPU 

All 

0180 

.c200. 

,000c 

STATIC 

CPU 

All 

0180 

,c200. 

,000d 

STATIC 

CPU 

All 

0180 

.c200 

,000e 

STATIC 

CPU 

All 

0180 

,c200. 

,000f 

STATIC 

CPU 

All 

0180 

.c200. 

,0010 

STATIC 

CPU 

1 

0030 

. 9441 . 

,6327 

DYNAMIC 

Gi0/4 

Total  Mac  Addresses  for  this  criterion:  12 
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Related  Commands      Command  Description 

clear  mac  address-table  dynamic       Deletes  from  the  MAC  address  table  a  specific  dynamic 

address,  all  dynamic  addresses  on  a  particular  interface,  or  all 
dynamic  addresses  on  a  particular  VLAN. 

show  mac  address-table  aging-time    Displays  the  aging  time  in  all  VLANs  or  the  specified  VLAN. 

show  mac  address-table  count  Displays  the  number  of  addresses  present  in  all  VLANs  or  the 

specified  VLAN. 

show  mac  address-table  dynamic       Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface      Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table  notification  Displays  the  MAC  address  notification  settings  for  all 

interfaces  or  the  specified  interface. 

show  mac  address-table  static  Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan  Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 
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show  mac  address-table  address  H 


show  mac  address-table  address 


Use  the  show  mac  address-table  address  user  EXEC  command  to  display  MAC  address  table 
information  for  the  specified  MAC  address. 

show  mac  address-table  address  mac-address  [interface  interface-id]  [vlan  vlan-id]  [  I  {begin  I 
exclude  I  include}  expression] 


Syntax  Description 

mac-address 

Specify  the  48-bit  MAC  address;  the  valid  format  is  H.H.H. 

interface  interface-id 

(Optional)  Display  information  for  a  specific  interface.  Valid  interfaces 

include  physical  ports  and  port  channels. 

vlan  vlan-id 

(Optional)  Display  entries  for  the  specific  VLAN  only.  The  range  is  1 

to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  address  command: 

Switch!?  show  mac  address-table  address  0002  . 4b28  . c482 

Mac  Address  Table 


Vlan 


Mac  Address 


Type  Ports 


All         0002 . 4b28 . C482     STATIC  CPU 
Total  Mac  Addresses  for  this  criterion:  1 


Related  Commands  Command 


Description 


show  mac  address-table  aging-time    Displays  the  aging  time  in  all  VLANs  or  the  specified  VLAN. 


show  mac  address-table  count 
show  mac  address-table  dynamic 


Displays  the  number  of  addresses  present  in  all  VLANs  or  the 
specified  VLAN. 

Displays  dynamic  MAC  address  table  entries  only. 
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Command 

Description 

show  mac  address-table  interface 

Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table  notification 

Displays  the  MAC  address  notification  settings  for  all 

interfaces  or  the  specified  interface. 

show  mac  address-table  static 

Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan 

Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 
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show  mac  address-table  aging-time  M 


show  mac  address-table  aging-time 


Use  the  show  mac  address-table  aging-time  user  EXEC  command  to  display  the  aging  time  of  a 
specific  address  table  instance,  all  address  table  instances  on  a  specified  VLAN  or,  if  a  specific  VLAN 
is  not  specified,  on  all  VLANs. 

show  mac  address-table  aging-time  [vlan  vlan-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


vlan  vlan-id 

(Optional)  Display  aging  time  information  for  a  specific  VLAN.  The  range 

is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  no  VLAN  number  is  specified,  the  aging  time  for  all  VLANs  appears. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  aging-time  command: 

Switch>  show  mac  address-table  aging-time 

Vlan        Aging  Time 


300 


This  is  an  example  of  output  from  the  show  mac  address-table  aging-time  vlan  10  command: 

Switch>  show  mac  address-table  aging-time  vlan  10 

Vlan        Aging  Time 


10 


300 


Related  Commands  Command 


Description 


mac  address-table  aging-time 


Sets  the  length  of  time  that  a  dynamic  entry  remains  in  the  MAC 
address  table  after  the  entry  is  used  or  updated. 


show  mac  address-table  address 


Displays  MAC  address  table  information  for  the  specified  MAC 
address. 
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Command 

Description 

show  mac  address-table  count 

Displays  the  number  of  addresses  present  in  all  VLANs  or  the 

specified  VLAN. 

show  mac  address-table  dynamic 

Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface 

Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table 

Displays  the  MAC  address  notification  settings  for  all  interfaces 

notification 

or  the  specified  interface. 

show  mac  address-table  static 

Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan 

Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 
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show  mac  address-table  count  M 


show  mac  address-table  count 


Use  the  show  mac  address-table  count  user  EXEC  command  to  display  the  number  of  addresses  present 
in  all  VLANs  or  the  specified  VLAN. 

show  mac  address-table  count  [vlan  vlan-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

vlan  vlan-id 

(Optional)  Display  the  number  of  addresses  for  a  specific  VLAN.  The  range  is  1 
to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       If  no  VLAN  number  is  specified,  the  address  count  for  all  VLANs  appears. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  count  command: 


Switch#  show  mac  address-table  count 

Mac  Entries  for  Vlan       :  1 


Dynamic  Address  Count 
Static  Address  Count 
Total  Mac  Addresses 
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Related  Commands      Command  Description 


show  mac  address-table  address 

Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time 

Displays  the  aging  time  in  all  VLANs  or  the  specified  VLAN. 

show  mac  address-table  dynamic 

Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface 

Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table 

Displays  the  MAC  address  notification  settings  for  all 

notification 

interfaces  or  the  specified  interface. 

show  mac  address-table  static 

Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan 

Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 

2-384 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  BladeSystem  Command  Reference  Guide 


380265-003  I 


I  Chapter  2  CGESM  Switch  Cisco  IPS  Commands 


show  mac  address-table  dynamic  EM 


show  mac  address-table  dynamic 


Use  the  show  mac  address-table  dynamic  user  EXEC  command  to  display  only  dynamic  MAC  address 
table  entries. 

show  mac  address-table  dynamic  [address  mac-address]  [interface  interface-id]  [vlan  vlan-id] 
[  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

address  mac-address 

(Optional)  Specify  a  48-bit  MAC  address;  the  valid  format  is  H.H.H 

(available  in  privileged  EXEC  mode  only). 

interface  interface-id 

(Optional)  Specify  an  interface  to  match;  valid  interfaces  include  physical 

ports  and  port  channels. 

vlan  vlan-id 

(Optional)  Display  entries  for  a  specific  VLAN;  the  range  is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  dynamic  command: 


Switch>  show  mac  address-table  dynamic 

Mac  Address  Table 


Vlan 


Mac  Address 


Type 


Ports 


1         0030 .b635 . 7862     DYNAMIC  Gi0/2 
1         OObO. 6496. 2741     DYNAMIC  GiO/2 
Total  Mac  Addresses  for  this  criterion:  2 
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Related  Commands      Command  Description 

clear  mac  address-table  dynamic       Deletes  from  the  MAC  address  table  a  specific  dynamic 

address,  all  dynamic  addresses  on  a  particular  interface,  or  all 
dynamic  addresses  on  a  particular  VLAN. 

show  mac  address-table  address        Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time    Displays  the  aging  time  in  all  VLANs  or  the  specified  VLAN. 

show  mac  address-table  count  Displays  the  number  of  addresses  present  in  all  VLANs  or  the 

specified  VLAN. 

show  mac  address-table  interface      Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table  static  Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan  Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 


2-386 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  BladeSystem  Command  Reference  Guide 


380265-003  I 


I  Chapter  2  CGESM  Switch  Cisco  IPS  Commands 


show  mac  address-table  interface  II 


show  mac  address-table  interface 


Use  the  show  mac  address-table  interface  user  command  to  display  the  MAC  address  table  information 
for  the  specified  interface  in  the  specified  VLAN. 

show  mac  address-table  interface  interface-id  [vlan  vlan-id]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 

interface-id 

Specify  an  interface  type;  valid  interfaces  include  physical  ports  and  port 

channels. 

vlan  vlan-id 

(Optional)  Display  entries  for  a  specific  VLAN;  the  range  is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  interface  command: 

Switch>  show  mac  address-table  interface  gigabitethernetO/2 

Mac  Address  Table 


Vlan 


Mac  Address 


Type 


Ports 


1         0030 .b635 . 7862     DYNAMIC  Gi0/2 
1         OObO . 6496 . 2741     DYNAMIC  Gi0/2 
Total  Mac  Addresses  for  this  criterion:  2 
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Related  Commands      Command  Description 

show  mac  address-table  address  Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time      Displays  the  aging  time  in  all  VLANs  or  the  specified 

VLAN. 

show  mac  address-table  count  Displays  the  number  of  addresses  present  in  all  VLANs  or 

the  specified  VLAN. 

show  mac  address-table  dynamic         Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  notification     Displays  the  MAC  address  notification  settings  for  all 

interfaces  or  the  specified  interface. 

show  mac  address-table  static  Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan  Displays  the  MAC  address  table  information  for  the 

specified  VLAN. 
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show  mac  address-table  move  update  H 


show  mac  address-table  move  update 

Use  the  show  mac  address-table  move  update  user  EXEC  command  to  display  the  MAC  address-table 
move  update  information  on  the  switch. 

show  mac  address-table  move  update  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description      I  begin  (Optional)  Display  begins  with  the  line  that  matches  the  expression. 


1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        User  EXEC 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced. 


Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  mac  address-table  move  update  command: 

Switch>  show  mac  address-table  move  update 

Switch-ID   :    010b. 4630 . 1780 

Dst  mac-address   :   0180 . c200 . 0010 

Vlans/Macs  supported   :  1023/8320 

Default/Current  settings:   Rev  Off /On,   Xmt  Off /On 

Max  packets  per  min  :   Rev  40,   Xmt  60 

Rev  packet  count    :  10 

Rev  conforming  packet  count   :  5 

Rev  invalid  packet  count   :  0 

Rev  packet  count  this  min  :  0 

Rev  threshold  exceed  count   :  0 

Rev  last  sequence*  this  min  :  0 

Rev  last  interface   :  Po2 

Rev  last  sre-mac-address   :   0003 . f d6a . 87 01 

Rev  last  switch-ID   :    0303 . fd63 . 7600 

Xmt  packet  count   :  0 

Xmt  packet  count  this  min  :  0 

Xmt  threshold  exceed  count   :  0 

Xmt  pak  buf  unavail  cnt   :  0 

Xmt  last  interface   :  None 

switch* 
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Related  Commands      Command  Description 

clear  mac  address-table  move  Clears  the  MAC  address-table  move  update  counters, 
update 

mac  address-table  move  update  Configures  MAC  address-table  move  update  on  the  switch, 
{receive  I  transmit} 
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show  mac  address-table  notification  11 


show  mac  address-table  notification 


Use  the  show  mac  address-table  notification  user  EXEC  command  to  display  the  MAC  address 
notification  settings  for  all  interfaces  or  the  specified  interface. 

show  mac  address-table  notification  [interface  [interface-id]]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description  interface 


(Optional)  Display  information  for  all  interfaces.  Valid  interfaces  include 
physical  ports  and  port  channels. 


interface-id 

(Optional)  Display  information  for  the  specified  interface.  Valid  interfaces 

include  physical  ports  and  port  channels. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Use  the  show  mac  address-table  notification  command  without  any  keywords  to  display  whether  the 
feature  is  enabled  or  disabled,  the  MAC  notification  interval,  the  maximum  number  of  entries  allowed 
in  the  history  table,  and  the  history  table  contents. 

Use  the  interface  keyword  to  display  the  flags  for  all  interfaces.  If  the  interface-id  is  included,  only  the 
flags  for  that  interface  appear. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  notification  command: 

Switch>  show  mac  address-table  notification 

MAC  Notification  Feature  is  Enabled  on  the  switch 
Interval  between  Notification  Traps   :   60  sees 
Number  of  MAC  Addresses  Added  :  4 
Number  of  MAC  Addresses  Removed  :  4 
Number  of  Notifications  sent  to  NMS   :  3 

Maximum  Number  of  entries  configured  in  History  Table   :  100 
Current  History  Table  Length  :  3 
MAC  Notification  Traps  are  Enabled 
History  Table  contents 
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History  Index  0,   Entry  Timestamp  1032254,   Despatch  Timestamp  1032254 
MAC  Changed  Message  : 

Operation:  Added      Vlan:   2  MAC  Addr:    0000.0000.0001  Module:    0       Port:  1 


History  Index  1,  Entry  Timestamp  1038254,  Despatch  Timestamp  1038254 
MAC  Changed  Message  : 


Operation: 

Added 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0000 

Module : 

0 

Port : 

1 

Operation: 

Added 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0002 

Module : 

0 

Port : 

1 

Operation : 

Added 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0003 

Module : 

0 

Port : 

1 

History  Index  2,  Entry  Timestamp  1074254,  Despatch  Timestamp  1074254 
MAC  Changed  Message  : 


Operation: 

Deleted 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0000 

Module : 

0 

Port : 

1 

Operation : 

Deleted 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0001 

Module : 

0 

Port : 

1 

Operation : 

Deleted 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0002 

Module : 

0 

Port : 

1 

Operation : 

Deleted 

Vlan: 

2 

MAC 

Addr: 

0000 

0000 

0003 

Module : 

0 

Port : 

1 

Related  Commands      Command  Description 


clear  mac  address-table  notification 

Clears  the  MAC  address  notification  global  counters. 

show  mac  address-table  address 

Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time 

Displays  the  aging  time  in  all  VLANs  or  the  specified  VLAN. 

show  mac  address-table  count 

Displays  the  number  of  addresses  present  in  all  VLANs  or  the 

specified  VLAN. 

show  mac  address-table  dynamic 

Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface 

Displays  the  MAC  address  table  information  for  the  specified 

interface. 

show  mac  address-table  static 

Displays  static  MAC  address  table  entries  only. 

show  mac  address-table  vlan 

Displays  the  MAC  address  table  information  for  the  specified 

VLAN. 
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show  mac  address-table  static  US 


show  mac  address-table  static 


Use  the  show  mac  address-table  static  user  EXEC  command  to  display  only  static  MAC  address  table 
entries. 

show  mac  address-table  static  [address  mac-address]  [interface  interface-id]  [vlan  vlan-id] 
[  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

address  mac-address 

(Optional)  Specify  a  48-bit  MAC  address;  the  valid  format  is  H.H.H 
(available  in  privileged  EXEC  mode  only). 

interface  interface-id 

(Optional)  Specify  an  interface  to  match;  valid  interfaces  include  physical 
ports  and  port  channels. 

vlan  vlan-id 

(Optional)  Display  addresses  for  a  specific  VLAN.  The  range  is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mac  address-table  static  command: 

Switch>  show  mac  address-table  static 

Mac  Address  Table 


Vlan 

Mac  Address 

Type 

Ports 

All 

0100 

.  Occc . 

.  cccc 

STATIC 

CPU 

All 

0180 

.c200 

.  0000 

STATIC 

CPU 

All 

0100 

.  Occc . 

.  cccd 

STATIC 

CPU 

All 

0180 

.c200. 

.0001 

STATIC 

CPU 

All 

0180 

,c200. 

.0004 

STATIC 

CPU 

All 

0180 

.c200. 

,0005 

STATIC 

CPU 

4 

0001 

.0002. 

.0004 

STATIC 

Drop 

6 

0001 

.  0002 . 

.  0007 

STATIC 

Drop 

Total  Mac  Addresses  for  this  criterion: 
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Related  Commands      Command  Description 

mac  address-table  static  Adds  static  addresses  to  the  MAC  address  table. 

mac  address-table  static  drop  Enables  unicast  MAC  address  filtering  and  configures  the 

switch  to  drop  traffic  with  a  specific  source  or  destination 
MAC  address. 

show  mac  address-table  address  Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time      Displays  the  aging  time  in  all  VLANs  or  the  specified 

VLAN. 

show  mac  address-table  count  Displays  the  number  of  addresses  present  in  all  VLANs  or 

the  specified  VLAN. 

show  mac  address-table  dynamic         Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface         Displays  the  MAC  address  table  information  for  the 

specified  interface. 

show  mac  address-table  notification     Displays  the  MAC  address  notification  settings  for  all 

interfaces  or  the  specified  interface. 

show  mac  address-table  vlan  Displays  the  MAC  address  table  information  for  the 

specified  VLAN. 
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show  mac  address-table  vlan  H 


show  mac  address-table  vlan 

Use  the  show  mac  address-table  vlan  user  EXEC  command  to  display  the  MAC  address  table 
information  for  the  specified  VLAN. 

show  mac  address-table  vlan  vlan-id  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description       vlan-id  (Optional)  Display  addresses  for  a  specific  VLAN.  The  range  is  1  to  4094. 


1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  mac  address-table  vlan  1  command: 

Switch>  show  mac  address-table  vlan  1 

Mac  Address  Table 


Vlan 

Mac  Address 

Type 

Ports 

1 

0100 

.  Occc 

.  cccc 

STATIC 

CPU 

1 

0180 

,c200. 

.  0000 

STATIC 

CPU 

1 

0100 

.  Occc . 

.  cccd 

STATIC 

CPU 

1 

0180 

,c200. 

.0001 

STATIC 

CPU 

1 

0180 

,c200. 

.0002 

STATIC 

CPU 

1 

0180 

,c200 

.0003 

STATIC 

CPU 

1 

0180 

,c200. 

.0005 

STATIC 

CPU 

1 

0180 

,c200 

.0006 

STATIC 

CPU 

1 

0180 

.c200. 

.0007 

STATIC 

CPU 

Total  Mac  Addresses  for  this  criterion:  9 
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Related  Commands      Command  Description 

show  mac  address-table  address  Displays  MAC  address  table  information  for  the  specified 

MAC  address. 

show  mac  address-table  aging-time      Displays  the  aging  time  in  all  VLANs  or  the  specified 

VLAN. 

show  mac  address-table  count  Displays  the  number  of  addresses  present  in  all  VLANs  or 

the  specified  VLAN. 

show  mac  address-table  dynamic         Displays  dynamic  MAC  address  table  entries  only. 

show  mac  address-table  interface         Displays  the  MAC  address  table  information  for  the 

specified  interface. 

show  mac  address-table  notification     Displays  the  MAC  address  notification  settings  for  all 

interfaces  or  the  specified  interface. 

show  mac  address-table  static  Displays  static  MAC  address  table  entries  only. 
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show  mis  qos 


show  mis  qos 


Use  the  show  mis  qos  user  EXEC  command  to  display  global  quality  of  service  (QoS)  configuration 
information. 

show  mis  qos  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


Related  Commands  Command 

mis  qos 


Description 

Enables  QoS  for  the  entire  switch. 
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show  mis  qos  aggregate-policer 


Use  the  show  mis  qos  aggregate-policer  user  EXEC  command  to  display  the  quality  of  service  (QoS) 
aggregate  policer  configuration.  A  policer  defines  a  maximum  permissible  rate  of  transmission,  a 
maximum  burst  size  for  transmissions,  and  an  action  to  take  if  either  maximum  is  exceeded. 

show  mis  qos  aggregate-policer  [aggregate-policer-name]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 

aggregate-policer-name 

(Optional)  Display  the  policer  configuration  for  the  specified  name. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mis  qos  aggregate-policer  command: 

Switch>  show  mis  qos  aggregate-policer  pollcerl 

aggregate-policer  policerl  1000000  2000000  exceed-action  drop 
Not  used  by  any  policy  map 


Related  Commands 


Command 

mis  qos  aggregate-policer 


Description 

Defines  policer  parameters  that  can  be  shared  by  multiple  classes 
within  a  policy  map. 
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show  mis  qos  input-queue 


Use  the  show  mis  qos  input-queue  user  EXEC  command  to  display  quality  of  service  (QoS)  settings 
for  the  ingress  queues. 

show  mis  qos  input-queue  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


User  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mis  qos  input-queue  command: 

Switch>  show  mis  qos  input-queue 

Queue  :  1  2 


buffers 

bandwidth 

priority 

thresholdl 

threshold2 


90 

4 

0 

100 
100 


10 
4 

10 

100 

100 
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Related  Commands  Command 


Description 


mis  qos  srr-queue  input  bandwidth 


mis  qos  srr-queue  input  buffers 


Assigns  shaped  round  robin  (SRR)  weights  to  an  ingress 
queue. 

Allocates  the  buffers  between  the  ingress  queues. 


mis  qos  srr-queue  input  cos-map 


Maps  assigned  class  of  service  (CoS)  values  to  an  ingress 
queue  and  assigns  CoS  values  to  a  queue  and  to  a  threshold 
ID. 


mis  qos  srr-queue  input  dscp-map 


Maps  assigned  Differentiated  Services  Code  Point  (DSCP) 
values  to  an  ingress  queue  and  assigns  DSCP  values  to  a 
queue  and  to  a  threshold  ID. 


mis  qos  srr-queue  input 
priority- queue 

mis  qos  srr-queue  input  threshold 


Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 

Assigns  weighted  tail-drop  (WTD)  threshold  percentages  to 
an  ingress  queue. 
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show  mis  qos  interface  M 


show  mis  qos  interface 


Use  the  show  mis  qos  interface  user  EXEC  command  to  display  quality  of  service  (QoS)  information 
at  the  port  level. 

show  mis  qos  interface  [interface-id]  [buffers  I  queueing  I  statistics] 
[  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


interface-id  (Optional)  Display  QoS  information  for  the  specified  port.  Valid  interfaces 

include  physical  ports. 

buffers  (Optional)  Display  the  buffer  allocation  among  the  queues. 


queueing 


statistics 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  the  queueing  strategy  (shared  or  shaped)  and  the  weights 
corresponding  to  the  queues. 

(Optional)  Display  statistics  for  sent  and  received  Differentiated  Services  Code 
Points  (DSCPs)  and  class  of  service  (CoS)  values,  the  number  of  packets 
enqueued  or  dropped  per  egress  queue,  and  the  number  of  in-profile  and 
out-of-profile  packets  for  each  policer. 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Note 


Though  visible  in  the  command-line  help  string,  the  policers  keyword  is  not  supported. 


Command  Modes        User  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mis  qos  interface  interface-id  command  when  VLAN-based 
QoS  is  enabled: 

Switch>  show  mis  qos  interface  gigabitethernetO/1 

GigabitEthernetO/1 
trust  state  mot  trusted 
trust  mode: not  trusted 
trust  enabled  flag:ena 
COS  override :dis 
default  COS:0 
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DSCP  Mutation  Map: Default  DSCP  Mutation  Map 
Trust  device: none 
qos  mode:vlan-based 

This  is  an  example  of  output  from  the  show  mis  qos  interface  interface-id  command  when  VLAN-based 
QoS  is  disabled: 

Switch>  show  mis  qos  interface  gigabitethernetO/2 

GigabitEthernetO/2 
trust  state:not  trusted 
trust  mode: not  trusted 
trust  enabled  flag:ena 
COS  override :dis 
default  COS:0 

DSCP  Mutation  Map: Default  DSCP  Mutation  Map 
Trus  t  devi  c  e : none 
qos  mode : port-based 

This  is  an  example  of  output  from  the  show  mis  qos  interface  interface-id  buffers  command: 

Switch>  show  mis  qos  interface  gigabitethernetO/2  buffers 

GigabitEthernetO/2 

The  port  is  mapped  to  qset   :  1 

The  allocations  between  the  queues  are   :   25  25  25  25 

This  is  an  example  of  output  from  the  show  mis  qos  interface  interface-id  queueing  command.  The 
egress  expedite  queue  overrides  the  configured  shaped  round  robin  (SRR)  weights. 

Switch>  show  mis  qos  interface  gigabitethernetO/2  queueing 

GigabitEthernetO/2 

Egress  Priority  Queue   : enabled 

Shaped  queue  weights   (absolute)    :     25  0  0  0 

Shared  queue  weights     :     25  25  25  25 

The  port  bandwidth  limit   :   100     (Operational  Bandwidth: 100 . 0 ) 
The  port  is  mapped  to  qset   :  1 

This  is  an  example  of  output  from  the  show  mis  qos  interface  interface-id  statistics  command. 
Table  2-26  describes  the  fields  in  this  display. 

Switch>  show  mis  qos  interface  gigabitethernetO/2  statistics 

GigabitEthernetO/2 

dscp:  incoming 


0  - 

4 

4213 

0 

0 

0 

0 

5  - 

9 

0 

0 

0 

0 

0 

10  - 

14 

0 

0 

0 

0 

0 

15  - 

19 

0 

0 

0 

0 

0 

20  - 

24 

0 

0 

0 

0 

0 

25  - 

29 

0 

0 

0 

0 

0 

30  - 

34 

0 

0 

0 

0 

0 

35  - 

39 

0 

0 

0 

0 

0 

40  - 

44 

0 

0 

0 

0 

0 

45  - 

49 

0 

0 

0 

6 

0 

50  - 

54 

0 

0 

0 

0 

0 

55  - 

59 

0 

0 

0 

0 

0 

60  - 

64 

0 

0 

0 

0 

dscp:  outgoing 

0  - 

4 

363949 

0 

0 

0 

0 

5  - 

9 

0 

0 

0 

0 

0 

10  - 

14 

0 

0 

0 

0 

0 
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show  mis  qos  interface  H 


15  - 

19 

0 

0 

0 

0 

0 

20  - 

24 

0 

0 

0 

0 

0 

25  - 

29 

0 

0 

0 

0 

0 

3  0  - 

34 

0 

o 

Q 

Q 

o 

35  - 

39 

0 

0 

0 

0 

0 

40  - 

44 

0 

0 

0 

0 

0 

45  - 

49 

0 

0 

0 

0 

0 

50  - 

54 

0 

0 

0 

0 

0 

55  - 

59 

0 

0 

0 

0 

0 

60  - 

64 

0 

0 

0 

0 

COS 

incoming 

0  - 

4 

132067 

0 

0 

0 

0 

5  - 

9 

0 

0 

0 

cos:  outgoing 


0  - 
5  - 


739155 
90 


Policer:  Inprofile: 


0  Outof Prof ile : 


Table  2-26 


show  mis  qos  interface  statistics  Field  Descriptions 


Field 

Description 

DSCP 

incoming 

Number  of  packets  received  for  each  DSCP  value. 

outgoing 

Number  of  packets  sent  for  each  DSCP  value. 

CoS 

incoming 

Number  of  packets  received  for  each  CoS  value. 

outgoing 

Number  of  packets  sent  for  each  CoS  value. 

Policer 

Inprofile 

Number  of  in  profile  packets  for  each  policer. 

Outofprofile 

Number  of  out-of-profile  packets  for  each  policer. 

Related  Commands 


Command 

mis  qos  queue-set  output  buffers 


Description 

Allocates  buffers  to  a  queue-set. 


mis  qos  queue-set  output  threshold 


Configures  the  weighted  tail-drop  (WTD)  thresholds, 
guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  to  a  queue-set. 


mis  qos  srr-queue  input  bandwidth 
mis  qos  srr-queue  input  buffers 


Assigns  SRR  weights  to  an  ingress  queue. 
Allocates  the  buffers  between  the  ingress  queues. 


mis  qos  srr-queue  input  cos-map 


Maps  CoS  values  to  an  ingress  queue  or  maps  CoS  values 
to  a  queue  and  to  a  threshold  ID. 


mis  qos  srr-queue  input  dscp-map 


Maps  DSCP  values  to  an  ingress  queue  or  maps  DSCP 
values  to  a  queue  and  to  a  threshold  ID. 


mis  qos  srr-queue  input  priority-queue 

mis  qos  srr-queue  input  threshold 
mis  qos  srr-queue  output  cos-map 


Configures  the  ingress  priority  queue  and  guarantees 
bandwidth. 

Assigns  WTD  threshold  percentages  to  an  ingress  queue. 

Maps  CoS  values  to  an  egress  queue  or  maps  CoS  values  to 
a  queue  and  to  a  threshold  ID. 
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Command 

Dpsnrintinn 
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values  to  a  queue  and  to  a  threshold  ID. 

nolir  v-man 

CYpatps  or  modifies  a  nolirv  man 

priority- queue 

Enables  the  egress  expedite  queue  on  a  port. 

queue-set 

Maps  a  port  to  a  queue-set. 

srr-queue  bandwidth  limit 

Limits  the  maximum  output  on  a  port. 

srr-queue  bandwidth  shape 

Assigns  the  shaped  weights  and  enables  bandwidth  shaping 

on  the  four  egress  queues  mapped  to  a  port. 

srr-queue  bandwidth  share 

Assigns  the  shared  weights  and  enables  bandwidth  sharing 

on  the  four  egress  queues  mapped  to  a  port. 
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show  mis  qos  maps  I 


show  mis  qos  maps 


Use  the  show  mis  qos  maps  user  EXEC  command  to  display  quality  of  service  (QoS)  mapping 
information.  During  classification,  QoS  uses  the  mapping  tables  to  represent  the  priority  of  the  traffic 
and  to  derive  a  corresponding  class  of  service  (CoS)  or  Differentiated  Services  Code  Point  (DSCP)  value 
from  the  received  CoS,  DSCP,  or  IP  precedence  value. 

show  mis  qos  maps  [cos-dscp  I  cos-input-q  I  cos-output-q  I  dscp-cos  I  dscp-input-q  I 

dscp-mutation  dscp -mutation-name  I  dscp-output-q  I  ip-prec-dscp  I  policed-dscp]  [  I  {begin 
I  exclude  I  include)  expression] 


Syntax  Description 


Command  Modes 


Command  History 


cos-dscp 

(Optional)  Display  class  of  service  (CoS)-to-DSCP  map. 

cos-input-q 

(Optional)  Display  the  CoS  input  queue  threshold  map. 

cos-output-q 

(Optional)  Display  the  CoS  output  queue  threshold  map. 

dscp-cos 

(Optional)  Display  DSCP-to-CoS  map. 

dscp-input-q 

(Optional)  Display  the  DSCP  input  queue  threshold  map. 

dscp-mutation  dscp -mutation-name 

(Optional)  Display  the  specified  DSCP-to-DSCP-mutation 
map. 

dscp-output-q 

(Optional)  Display  the  DSCP  output  queue  threshold  map. 

ip-prec-dscp 

(Optional)  Display  the  IP-precedence-to-DSCP  map. 

policed-dscp 

(Optional)  Display  the  policed-DSCP  map. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the 
expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified 
expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

User  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 

The  policed-DSCP,  DSCP-to-CoS,  and  the  DSCP-to-DSCP-mutation  maps  appear  as  a  matrix.  The  dl 
column  specifies  the  most-significant  digit  in  the  DSCP.  The  d2  row  specifies  the  least-significant  digit 
in  the  DSCP.  The  intersection  of  the  dl  and  d2  values  provides  the  policed-DSCP,  the  CoS,  or  the 
mutated-DSCP  value.  For  example,  in  the  DSCP-to-CoS  map,  a  DSCP  value  of  43  corresponds  to  a  CoS 
value  of  5. 
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The  DSCP  input  queue  threshold  and  the  DSCP  output  queue  threshold  maps  appear  as  a  matrix.  The  dl 
column  specifies  the  most-significant  digit  of  the  DSCP  number.  The  d2  row  specifies  the 
least-significant  digit  in  the  DSCP  number.  The  intersection  of  the  dl  and  the  d2  values  provides  the 
queue  ID  and  threshold  ID.  For  example,  in  the  DSCP  input  queue  threshold  map,  a  DSCP  value  of  43 
corresponds  to  queue  2  and  threshold  1  (02-01). 

The  CoS  input  queue  threshold  and  the  CoS  output  queue  threshold  maps  show  the  CoS  value  in  the  top 
row  and  the  corresponding  queue  ID  and  threshold  ID  in  the  second  row.  For  example,  in  the  CoS  input 
queue  threshold  map,  a  CoS  value  of  5  corresponds  to  queue  2  and  threshold  1  (2-1). 


Examples  This  is  an  example  of  output  from  the  show  mis  qos  maps  command: 

Switch>  show  mis  qos  maps 

Policed-dscp  map: 


Dscp- 


dl 

d2  0 

1 

2 

3 

4 

5 

6 

7 

8 

9 

0 

00 

01 

02 

03 

04 

05 

06 

07 

08 

09 

1 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

2 

20 

21 

22 

23 

24 

25 

26 

27 

28 

29 

3 

30 

31 

32 

33 

34 

35 

36 

37 

38 

39 

4 

40 

41 

42 

43 

44 

45 

46 

47 

48 

49 

5 

50 

51 

52 

53 

54 

55 

56 

57 

58 

59 

6 

60 

61 

62 

63 

cos 

map : 

dl 

d2  0 

1 

2 

3 

4 

5 

6 

7 

8 

9 

0 

00 

00 

00 

00 

00 

00 

00 

00 

01 

01 

1 

01 

01 

01 

01 

01 

01 

02 

02 

02 

02 

2 

02 

02 

02 

02 

03 

03 

03 

03 

03 

03 

3 

03 

03 

04 

04 

04 

04 

04 

04 

04 

04 

4 

05 

05 

05 

05 

05 

05 

05 

05 

06 

06 

5 

06 

06 

06 

06 

06 

06 

07 

07 

07 

07 

6 

07 

07 

07 

07 

Cos-dscp  map: 

cos:  01234567 


dscp:        0     8   16  24  32   40  48  56 

IpPrecedence-dscp  map: 

ipprec:  01234567 


dscp:        0     8   16  24  32   40  48  56 

Dscp-outputq-threshold  map: 

dl:d2         0  1  2  3  4  5  6  7  8  9 


0 

02- 

01 

02- 

01 

02- 

01 

02- 

01 

02 

-01 

02 

-01 

02 

-01 

02 

-01 

02- 

01 

02 

-01 

1 

02- 

01 

02- 

01 

02- 

01 

02- 

01 

02 

-01 

02 

-01 

03 

-01 

03 

-01 

03- 

01 

03 

-01 

2 

03- 

01 

03- 

01 

03- 

01 

03- 

01 

03 

-01 

03 

-01 

03 

-01 

03 

-01 

03- 

01 

03 

-01 

3 

03- 

01 

03- 

01 

04- 

01 

04- 

01 

04 

-01 

04 

-01 

04 

-01 

04 

-01 

04- 

01 

04 

-01 

4 

01- 

01 

01- 

01 

01- 

01 

01- 

01 

01 

-01 

01 

-01 

01 

-01 

01 

-01 

04- 

01 

04 

-01 

5 

04- 

01 

04- 

01 

04- 

01 

04- 

01 

04 

-01 

04 

-01 

04 

-01 

04 

-01 

04- 

01 

04 

-01 

6 

04- 

01 

04- 

01 

04- 

01 

04- 

01 

Dscp-inputq-threshold  map: 

dl:d2         0  1  2  3  4  5  6  7  8  9 


0  :  01-01   01-01   01-01   01-01   01-01   01-01   01-01   01-01   01-01  01-01 

1  :  01-01   01-01   01-01   01-01   01-01   01-01   01-01   01-01   01-01  01-01 
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2  :  01-01   01-01   01-01  01-01  01-01  01-01  01-01 

3  :  01-01   01-01   01-01  01-01  01-01  01-01  01-01 

4  :  02-01   02-01   02-01  02-01  02-01  02-01  02-01 

5  :  01-01   01-01   01-01  01-01  01-01  01-01  01-01 

6  :  01-01   01-01   01-01  01-01 

Cos-outputq-threshold  map: 

cos:  01234567 


queue- threshold:   2-1  2-1  3-1  3-1  4-1  1-1  4-1  4-1 

Cos-inputq-threshold  map: 

cos:  01234567 


queue-threshold:   1-1  1-1  1-1  1-1  1-1  2-1  1-1  1-1 

Dscp-dscp  mutation  map: 

Default  DSCP  Mutation  Map: 


dl 

d2  0 

1 

2 

3 

4 

5 

6 

7 

8 

9 

0 

00 

01 

02 

03 

04 

05 

06 

07 

08 

09 

1 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

2 

20 

21 

22 

23 

24 

25 

26 

27 

28 

29 

3 

30 

31 

32 

33 

34 

35 

36 

37 

38 

39 

4 

40 

41 

42 

43 

44 

45 

46 

47 

48 

49 

5 

50 

51 

52 

53 

54 

55 

56 

57 

58 

59 

6 

60 

61 

62 

63 

Related  Commands      Command  Description 

mis  qos  map  Defines  the  CoS-to-DSCP  map,  DSCP-to-CoS  map, 

DSCP-to-DSCP-mutation  map,  IP-precedence-to-DSCP  map, 
and  the  policed-DSCP  map. 

mis  qos  srr-queue  input  cos-map      Maps  CoS  values  to  an  ingress  queue  or  maps  CoS  values  to  a 

queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  input  dscp-map    Maps  DSCP  values  to  an  ingress  queue  or  maps  DSCP  values  to 

a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  cos-map    Maps  CoS  values  to  an  egress  queue  or  maps  CoS  values  to  a 

queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  dscp-map  Maps  DSCP  values  to  an  egress  queue  or  maps  DSCP  values  to 

a  queue  and  to  a  threshold  ID. 


01-01  01-01  01-01 

01-  01  01-01  01-01 

02-  01  01-01  01-01 
01-01  01-01  01-01 
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show  mis  qos  queue-set 


Use  the  show  mis  qos  queue-set  user  EXEC  command  to  display  quality  of  service  (QoS)  settings  for 
the  egress  queues. 

show  mis  qos  queue-set  [qset-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


qset-id 

(Optional)  ID  of  the  queue-set.  Each  port  belongs  to  a  queue-set,  which  defines 
all  the  characteristics  of  the  four  egress  queues  per  port.  The  range  is  1  to  2. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 


User  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mis  qos  queue-set  command: 


Switch>  show  mis  qos  queue-set 

Queueset:  1 


Queue  : 

1 

2 

3 

4 

buffers 

25 

25 

25 

25 

thresholdl 

100 

200 

100 

100 

threshold2 

100 

200 

100 

100 

reserved 

50 

50 

50 

50 

maximum 

400 

400 

400 

400 

Queueset :  2 

Queue  : 

1 

2 

3 

4 

buffers 

25 

25 

25 

25 

thresholdl 

100 

200 

100 

100 

threshold2 

100 

200 

100 

100 

reserved 

50 

50 

50 

50 

maximum 

400 

400 

400 

400 
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show  mis  qos  queue-set  N 


Related  Commands      Command  Description 

mis  qos  queue-set  output  buffers       Allocates  buffers  to  the  queue-set. 

mis  qos  queue-set  output  threshold    Configures  the  weighted  tail-drop  (WTD)  thresholds, 

guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  of  the  queue-set. 
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show  mis  qos  vlan 


Use  the  show  mis  qos  vlan  user  EXEC  command  to  display  the  policy  maps  attached  to  a  switch  virtual 
interface  (SVI). 

show  mis  qos  vlan  vlan-id  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

vlan-id 

Specify  the  VLAN  ID  of  the  SVI  to  display  the  policy  maps.  The  range  is  1  to 

4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


The  output  from  the  show  mis  qos  vlan  command  is  meaningful  only  when  VLAN-based  quality  of 
service  (QoS)  is  enabled  and  when  hierarchical  policy  maps  are  configured. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mis  qos  vlan  command: 

Switch>  show  mis  qos  vlan  10 

VlanlO 

Attached  policy-map  for  Ingress : pm-test-pm-2 


Related  Commands  Command 


Description 


policy-map 


Creates  or  modifies  a  policy  map  that  can  be  attached  to 
multiple  ports  and  enters  policy-map  configuration  mode. 
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show  monitor  M 


show  monitor 


Use  the  show  monitor  user  EXEC  command  to  display  information  about  all  Switched  Port  Analyzer 
(SPAN)  and  Remote  SPAN  (RSPAN)  sessions  on  the  switch.  Use  the  command  with  keywords  to  show 
a  specific  session,  all  sessions,  all  local  sessions,  or  all  remote  sessions. 

show  monitor  [session  {session_number  I  all  I  local  I  range  list  I  remote}  [detail]]  [  I  [begin  I 
exclude  I  include }  expression] 


Syntax  Description 

session 

(Optional)  Display  information  about  specified  SPAN  sessions. 

session_number 

Specify  the  number  of  the  SPAN  or  RSPAN  session.  The  range  is  1  to  66. 

all 

Display  all  SPAN  sessions. 

local 

Display  only  local  SPAN  sessions. 

range  list 

Display  a  range  of  SPAN  sessions,  where  list  is  the  range  of  valid  sessions, 

either  a  single  session  or  a  range  of  sessions  described  by  two  numbers,  the 

lower  one  first,  separated  by  a  hyphen.  Do  not  enter  any  spaces  between 

comma-separated  parameters  or  in  hyphen-specified  ranges. 

Note     This  keyword  is  available  only  in  privileged  EXEC  mode. 

Command  Modes 

remote 

Display  only  remote  SPAN  sessions. 

detail 

(Optional)  Display  detailed  information  about  the  specified  sessions. 

1  begin 

Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

Display  excludes  lines  that  match  the  expression. 

1  include 

Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 

The  output  is  the  same  for  the  show  monitor  command  and  the  show  monitor  session  all  command. 
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Examples  This  is  an  example  of  output  for  the  show  monitor  user  EXEC  command: 

Switch#  show  monitor 

Session  1 


Type  :  Local  Session 

Source  Ports  : 

RX  Only   :  GiO/11 

Both   :  Gi0/12-13,Gi0/5-614-15 

Destination  Ports   :  GiO/10 

Encapsulation  :  Replicate 

Ingress  :  Disabled 

Session  2 


Type   :   Remote  Source  Session 
Source  VLANs  : 
TX  Only   :  10 
Both   :  1-9 

Dest  RSPAN  VLAN    :  105 


This  is  an  example  of  output  for  the  show  monitor  user  EXEC  command  for  local  SPAN  source 
session  1: 

Switch#  show  monitor  session  1 

Session  1 


Type  :  Local  Session 

Source  Ports  : 

RX  Only   :  GiO/11 

Both   :  Gi0/12-13,Gi0/5-614-15 

Destination  Ports   :  GiO/10 

Encapsulation  :  Replicate 

Ingress   :  Disabled 


This  is  an  example  of  output  for  the  show  monitor  session  all  user  EXEC  command  when  ingress  traffic 
forwarding  is  enabled: 


Switch#  show  monitor  session  all 

Session  1 


Type  :  Local  Session 
Source  Ports  : 
Both   :  GiO/11 

Destination  Ports   :  GiO/15 
Encapsulation  :  Native 
Ingress  :  Enabled,  default  VLAN 
Ingress  encap   :  DOT1Q 

Session  2 


Type  :  Local  Session 
Source  Ports  : 
Both   :  GiO/8 

Destination  Ports   :  GiO/12 
Encapsulation  :  Replicate 
Ingress   :   Enabled,   default  VLAN  =  4 
Ingress  encap   :  Untagged 


Related  Commands  Command 


monitor  session 


Description 


Starts  or  modifies  a  SPAN  or  RSPAN  session. 
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show  mvr 


Use  the  show  mvr  privileged  EXEC  command  without  keywords  to  display  the  current  Multicast  VLAN 
Registration  (MVR)  global  parameter  values,  including  whether  or  not  MVR  is  enabled,  the  MVR 
multicast  VLAN,  the  maximum  query  response  time,  the  number  of  multicast  groups,  and  the  MVR 
mode  (dynamic  or  compatible). 

show  mvr  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mvr  command: 

Switch#  show  mvr 

MVR  Running:  TRUE 

MVR  multicast  VLAN:  1 

MVR  Max  Multicast  Groups:  256 

MVR  Current  multicast  groups:  0 

MVR  Global  query  response  time:   5    (tenths  of  sec) 
MVR  Mode:  compatible 


In  the  preceding  display,  the  maximum  number  of  multicast  groups  is  fixed  at  256.  The  MVR  mode  is 
either  compatible  (for  interoperability  with  Catalyst  2900  XL  and  Catalyst  3500  XL  switches)  or 
dynamic  (where  operation  is  consistent  with  IGMP  snooping  operation  and  dynamic  MVR  membership 
on  source  ports  is  supported). 
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Related  Commands      Command  Description 

mvr  (global  configuration)       Enables  and  configures  multicast  VLAN  registration  on  the  switch, 
mvr  (interface  configuration)   Configures  MVR  ports. 

show  mvr  interface  Displays  the  configured  MVR  interfaces,  status  of  the  specified 

interface,  or  all  multicast  groups  to  which  the  interface  belongs  when 
the  interface  and  members  keywords  are  appended  to  the  command. 

show  mvr  members  Displays  all  ports  that  are  members  of  an  MVR  multicast  group  or,  if 

there  are  no  members,  means  the  group  is  inactive. 
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show  mvr  interface  US 


show  mvr  interface 

Use  the  show  mvr  interface  privileged  EXEC  command  without  keywords  to  display  the  Multicast 
VLAN  Registration  (MVR)  receiver  and  source  ports.  Use  the  command  with  keywords  to  display  MVR 
parameters  for  a  specific  receiver  port. 

show  mvr  interface  [interface-id  [members  [vlan  vlan-id]]]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description       interface-id  (Optional)  Display  MVR  type,  status,  and  Immediate  Leave  setting  for  the 

interface. 

Valid  interfaces  include  physical  ports  (including  type,  module,  and  port 
number. 


members 

(Optional)  Display  all  MVR  groups  to  which  the  specified  interface  belongs. 

vlan  vlan-id 

(Optional)  Display  all  MVR  group  members  on  this  VLAN.  The  range  is  1 

to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        If  the  entered  port  identification  is  a  non-MVR  port  or  a  source  port,  the  command  returns  an  error 
message.  For  receiver  ports,  it  displays  the  port  type,  per  port  status,  and  Immediate-Leave  setting. 

If  you  enter  the  members  keyword,  all  MVR  group  members  on  the  interface  appear.  If  you  enter  a 
VLAN  ID,  all  MVR  group  members  in  the  VLAN  appear. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  mvr  interface  command: 

Switch#  show  mvr  interface 

Port  Type  Status  Immediate  Leave 


Gi0/1  SOURCE  ACTIVE/UP  DISABLED 

GiO/2  RECEIVER  ACTIVE /DOWN  DISABLED 
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In  the  preceding  display,  Status  is  defined  as  follows: 

•  Active  means  the  port  is  part  of  a  VLAN. 

•  Up/Down  means  that  the  port  is  forwarding/nonforwarding. 

•  Inactive  means  that  the  port  is  not  yet  part  of  any  VLAN. 

This  is  an  example  of  output  from  the  show  mvr  interface  command  for  a  specified  port: 

Switch#  show  mvr  interface  gigabitethernetO/2 

Type:   RECEIVER  Status:   ACTIVE  Immediate  Leave:  DISABLED 


This  is  an  example  of  output  from  the  show  mvr  interface  interface-id  members  command: 

Switch)!  show  mvr  interface  gigabitethernetO/2  members 


239  .255 . 
239 .255 . 
239 .255 . 
239 .255 . 
239  .255 . 
239  .255 . 
239  .255 . 
239  .255 . 
239 .255 . 
239  .255 . 


0  DYNAMIC  ACTIVE 

1  DYNAMIC  ACTIVE 

2  DYNAMIC  ACTIVE 

3  DYNAMIC  ACTIVE 

4  DYNAMIC  ACTIVE 

5  DYNAMIC  ACTIVE 

6  DYNAMIC  ACTIVE 

7  DYNAMIC  ACTIVE 

8  DYNAMIC  ACTIVE 

9  DYNAMIC  ACTIVE 


Related  Commands      Command  Description 


mvr  (global  configuration) 

Enables  and  configures  multicast  VLAN  registration  on  the 

switch. 

mvr  (interface  configuration) 

Configures  MVR  ports. 

show  mvr 

Displays  the  global  MVR  configuration  on  the  switch. 

show  mvr  members 

Displays  all  receiver  ports  that  are  members  of  an  MVR 

multicast  group. 
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show  mvr  members  SIS 


show  mvr  members 


Use  the  show  mvr  members  privileged  EXEC  command  to  display  all  receiver  and  source  ports  that  are 
currently  members  of  an  IP  multicast  group. 

show  mvr  members  [ip-address]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

ip-address 

(Optional)  The  IP  multicast  address.  If  the  address  is  entered,  all  receiver  and 

source  ports  that  are  members  of  the  multicast  group  appear.  If  no  address  is 

entered,  all  members  of  all  Multicast  VLAN  Registration  (MVR)  groups  are 

listed.  If  a  group  has  no  members,  the  group  is  listed  as  Inactive. 

Command  Modes 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


The  show  mvr  members  command  applies  to  receiver  and  source  ports.  For  MVR-compatible  mode,  all 
source  ports  are  members  of  all  multicast  groups. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  mvr  members  command: 


Switch* 

show 

mvr  members 

MVR  Group 

IP 

Status 

Members 

239.255. 

.0. 

.1 

ACTIVE 

Gi0/1 (d) ,   GiO/5 (s 

239.255. 

.  0  . 

.2 

INACTIVE 

None 

239.255. 

.0. 

.3 

INACTIVE 

None 

239.255. 

.  0  . 

.4 

INACTIVE 

None 

239.255. 

.0. 

.5 

INACTIVE 

None 

239.255. 

.0. 

6 

INACTIVE 

None 

239.255. 

.0. 

.7 

INACTIVE 

None 

239.255. 

.0, 

.8 

INACTIVE 

None 

239.255. 

.0. 

.9 

INACTIVE 

None 

239.255. 

.0, 

.10 

INACTIVE 

None 

<output 

truncated> 
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This  is  an  example  of  output  from  the  show  mvr  members  ip-address  command.  It  displays  the 
members  of  the  IP  multicast  group  with  that  address: 

Switch#  show  mvr  members  239.255.0.2 

239. 255. 003. --22  ACTIVE  Gi0/l(d),   Gi0/2(d),   GiO/3 (d) , 

Gi0/4 (d) ,   Gi0/5 (s) 


Related  Commands      Command  Description 


mvr  (global  configuration) 

Enables  and  configures  multicast  VLAN  registration  on  the 

switch. 

mvr  (interface  configuration) 

Configures  MVR  ports. 

show  mvr 

Displays  the  global  MVR  configuration  on  the  switch. 

show  mvr  interface 

Displays  the  configured  MVR  interfaces,  status  of  the  specified 

interface,  or  all  multicast  groups  to  which  the  interface  belongs 

when  the  members  keyword  is  appended  to  the  command. 
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show  pagp 


Use  the  show  pagp  user  EXEC  command  to  display  Port  Aggregation  Protocol  (PAgP)  channel-group 
information. 

show  pagp  [channel-group-number]  {counters  I  internal  I  neighbor}  [  I  {begin  I  exclude  I 
include}  expression]] 


Syntax  Description 

channel- group-number 

(Optional)  Number  of  the  channel  group.  The  range  is  1  to  48. 

counters 

Display  traffic  information. 

internal 

Display  internal  information. 

neighbor 

Display  neighbor  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  can  enter  any  show  pagp  command  to  display  the  active  channel-group  information.  To  display  the 
nonactive  information,  enter  the  show  pagp  command  with  a  channel-group  number. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  are  appear. 


Examples 


This  is  an  example  of  output  from  the  show  pagp  1  counters  command: 

Switch>  show  pagp  1  counters 

Information  Flush 
Port  Sent       Recv  Sent  Recv 


Channel  group:  1 

GiO/11  45  42  0  0 

GiO/12  45  41  0  0 


This  is  an  example  of  output  from  the  show  pagp  1  internal  command: 


Switch>  show  pagp  1  internal 

Flags:     S  -  Device  is  sending  Slow  hello. 

A  -  Device  is  in  Auto  mode. 
Timers:   H  -  Hello  timer  is  running. 

S  -  Switching  timer  is  running. 


C  -  Device  is  in  Consistent  state. 

Q  -  Quit  timer  is  running. 

I  -  Interface  timer  is  running. 


Channel  group  1 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  BladeSystem  Command  Reference  Guide  j 


2-419 


M     show  pagp 


Chapter  2   CGESM  Switch  Cisco  IPS  Commands  | 


Hello         Partner     PAgP  Learning  Group 

Port                Flags  State       Timers     Interval  Count       Priority  Method  Ifindex 

GiO/11               SC         U6/S7       H               30s             1                 128  Any  16 

GiO/12                SC         U6/S7       H               30s             1                 128  Any  16 

This  is  an  example  of  output  from  the  show  pagp  1  neighbor  command: 

Switch>  show  pagp  1  neighbor 

Flags:     S  -  Device  is  sending  Slow  hello.     C  -  Device  is  in  ( 
A  -  Device  is  in  Auto  mode.  P  -  Device  learns 


Device  is  xn  Consxstent  state. 
Device  learns  on  physical  port. 


Channel  group  1  neighbors 


Port 

GiO/11 

GiO/12 


Partner 

Name 
switch-p2 
switch-p2 


Partner  Partner 

Device  ID  Port 

0002 .4b29 .4600  GiO/11 

0002. 4b29. 4600  GiO/12 


Partner  Group 
Age     Flags  Cap. 

9s  SC  10001 
24s  SC  10001 


Related  Commands  Command 


clear  pagp 


Description 


Clears  PAgP  channel-group  information. 
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show  parser  macro  iM 


show  parser  macro 


Use  the  show  parser  macro  user  EXEC  command  to  display  the  parameters  for  all  configured  macros 
or  for  one  macro  on  the  switch. 

show  parser  macro  [{brief  I  description  [interface  interface-id]  I  name  macro-name}]  [  I  {begin 
I  exclude  I  include}  expression] 


Syntax  Description  brief 


description  [interface 

interface-id] 


name  macro-name 


I  begin 
I  exclude 
I  include 


expression 


(Optional)  Display  the  name  of  each  macro. 

(Optional)  Display  all  macro  descriptions  or  the  description  of  a  specific 
interface. 


(Optional)  Display  information  about  a  single  macro  identified  by  the  macro 
name. 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 
(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


User  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  a  partial  output  example  from  the  show  parser  macro  command.  The  output  for  the  Cisco-default 
macros  varies  depending  on  the  switch  platform  and  the  software  image  running  on  the  switch: 


Switch#  show  parser  macro 

Total  number  of  macros  =  6 


Macro  name  :  cisco-global 
Macro  type   :   default  global 

#  Enable  dynamic  port  error  recovery  for  link  state 

#  failures 

errdisable  recovery  cause  link-flap 
errdisable  recovery  interval  60 


<output  truncated> 


Macro  name   :  cisco-desktop 
Macro  type   :   default  interface 

#  macro  keywords  $AVID 

#  Basic  interface  -  Enable  data  VLAN  only 
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#  Recommended  value  for  access  vlan   (AVID)    should  not  be  1 
switchport  access  vlan  $AVID 
switchport  mode  access 

<output  truncated> 


Macro  name   :  cisco-phone 
Macro  type   :   default  interface 

#  Cisco  IP  phone  +  desktop  template 

#  macro  keywords  $AVID  $WID 

#  VoIP  enabled  interface  -  Enable  data  VLAN 

#  and  voice  VLAN  (WID) 

#  Recommended  value  for  access  vlan  (AVID)  should  not  be  1 
switchport  access  vlan  $AVID 

switchport  mode  access 

<output  truncated> 


Macro  name   :  cisco-switch 
Macro  type   :   default  interface 

#  macro  keywords  $NVID 

#  Access  Uplink  to  Distribution 

#  Do  not  apply  to  EtherChannel/Port  Group 

#  Define  unique  Native  VLAN  on  trunk  ports 

#  Recommended  value  for  native  vlan  (NVID)  should  not  be  1 
switchport  trunk  native  vlan  $NVID 

<output  truncated> 


Macro  name   :  cisco-router 
Macro  type   :   default  interface 

#  macro  keywords  $NVID 

#  Access  Uplink  to  Distribution 

#  Define  unique  Native  VLAN  on  trunk  ports 

#  Recommended  value  for  native  vlan  (NVID)  should  not  be  1 
switchport  trunk  native  vlan  $NVID 

<output  truncated> 


Macro  name   :  snmp 

Macro  type   :  customizable 

tenable  port  security,    linkup,   and  linkdown  traps 

snmp-server  enable  traps  port-security 

snmp-server  enable  traps  linkup 

snmp-server  enable  traps  linkdown 

#set  snmp-server  host 

snmp-server  host  ADDRESS 

#set  SNMP  trap  notifications  precedence 

snmp-server  ip  precedence  VALUE 


This  is  an  example  of  output  from  the  show  parser  macro  name  command: 

Switch#  show  parser  macro  name  standard-switchlO 

Macro  name   :  standard-switchlO 
Macro  type   :  customizable 
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show  parser  macro  M 


macro  description  standard-switchlO 

#  Trust  QoS  settings  on  VOIP  packets 
auto  qos  voip  trust 

#  Allow  port  channels  to  be  automatically  formed 
channel-protocol  pagp 

This  is  an  example  of  output  from  the  show  parser  macro  brief  command: 

Switch#  show  parser  macro  brief 

default  global       :  cisco-global 

default  interface:  cisco-desktop 

default  interface:  cisco-phone 

default  interface:  cisco-switch 

default  interface:  cisco-router 

customizable  :  snmp 

This  is  an  example  of  output  from  the  show  parser  description  command: 

Switch#  show  parser  macro  description 

Global  Macro (s):  cisco-global 
Interface        Macro  Description(s) 


GiO/1  standard-switchlO 
GiO/2  this  is  test  macro 


This  is  an  example  of  output  from  the  show  parser  description  interface  command: 

Switch*  show  parser  macro  description  interface  gigabitethernetO/2 

Interface        Macro  Description 

GiO/2  this  is  test  macro 


Related  Commands      Command  Description 


macro  apply 

Applies  a  macro  on  an  interface  or  applies  and  traces  a  macro  on  an  interface. 

macro  description 

Adds  a  description  about  the  macros  that  are  applied  to  an  interface. 

macro  global 

Applies  a  macro  on  a  switch  or  applies  and  traces  a  macro  on  a  switch. 

macro  global 
description 

Adds  a  description  about  the  macros  that  are  applied  to  the  switch. 

macro  name 

Creates  a  macro. 

show  running-config      Displays  the  current  operating  configuration,  including  defined  macros.  For 


syntax  information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management  Commands  > 
Configuration  File  Management  Commands. 
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show  policy-map 


Use  the  show  policy-map  user  EXEC  command  to  display  quality  of  service  (QoS)  policy  maps,  which 
define  classification  criteria  for  incoming  traffic.  Policy  maps  can  include  policers  that  specify  the 
bandwidth  limitations  and  the  action  to  take  if  the  limits  are  exceeded. 

show  policy-map  [policy-map-name  [class  class-map-name]]  [  1  {begin  1  exclude  1  include} 

expression] 

Syntax  Description 

policy-map-name 

(Optional)  Display  the  specified  policy-map  name. 

class  class-map-name 

(Optional)  Display  QoS  policy  actions  for  a  individual  class. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Note 

Though  visible  in  the  command-line  help  string,  the  control-plane  and  interface  keywords  are  not 
supported,  and  the  statistics  shown  in  the  display  should  be  ignored. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  policy-map  command: 

Switch>  show  policy-map 

Policy  Map  videowizard_policy2 
class  videowizard_10-10-10-10 
set  dscp  34 

police  100000000  2000000  exceed-action  drop 


Policy  Map  mypolicy 
class  dscp5 
set  dscp  6 
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show  policy-map  I 


Related  Commands      Command  Description 

policy-map  Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple  ports  to 

specify  a  service  policy. 
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show  port-security 


Use  the  show  port-security  privileged  EXEC  command  to  display  port-security  settings  for  an  interface 
or  for  the  switch. 

show  port-security  [interface  interface-id]  [address  I  vlan]  [  I  [begin  I  exclude  I  include} 

expression] 


Syntax  Description 

interface  interface-id 

(Optional)  Display  port  security  settings  for  the  specified  interface.  Valid 
interfaces  include  physical  ports  (including  type,  module,  and  port  number). 

address 

(Optional)  Display  all  secure  MAC  addresses  on  all  ports  or  a  specified  port. 

vlan 

(Optional)  Display  port  security  settings  for  all  VLANs  on  the  specified 
interface.  This  keyword  is  visible  only  on  interfaces  that  have  the  switchport 
mode  set  to  trunk. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


If  you  enter  the  command  without  keywords,  the  output  includes  the  administrative  and  operational 
status  of  all  secure  ports  on  the  switch. 

If  you  enter  an  interface-id,  the  command  displays  port  security  settings  for  the  interface. 

If  you  enter  the  address  keyword,  the  command  displays  the  secure  MAC  addresses  for  all  interfaces 
and  the  aging  information  for  each  secure  address. 

If  you  enter  an  interface-id  and  the  address  keyword,  the  command  displays  all  the  MAC  addresses  for 
the  interface  with  aging  information  for  each  secure  address.  You  can  also  use  this  command  to  display 
all  the  MAC  addresses  for  an  interface  even  if  you  have  not  enabled  port  security  on  it. 

If  you  enter  the  vlan  keyword,  the  command  displays  the  configured  maximum  and  the  current  number 
of  secure  MAC  addresses  for  all  VLANs  on  the  interface.  This  option  is  visible  only  on  interfaces  that 
have  the  switchport  mode  set  to  trunk. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  port-security  I 


Examples  This  is  an  example  of  the  output  from  the  show  port-security  command: 

Switch#  show  port-security 

Secure  Port  MaxSecureAddr     CurrentAddr     SecurityViolation     Security  Action 

(Count)  (Count)  (Count) 

GiO/1  1  0  0  Shutdown 

Total  Addresses  in  System  (excluding  one  mac  per  port)  :  1 

Max  Addresses  limit  in  System  (excluding  one  mac  per  port)    :  6272 

This  is  an  example  of  output  from  the  show  port-security  interface  interface-id  command: 

Switch#  show  port-security  interface  gigabitethernetO/1 

Port  Security  :  Enabled 

Port  status   :  SecureUp 

Violation  mode   :  Shutdown 

Maximum  MAC  Addresses   :  1 

Total  MAC  Addresses   :  0 

Configured  MAC  Addresses   :  0 

Aging  time   :   0  mins 

Aging  type   :  Absolute 

SecureStatic  address  aging  :  Disabled 

Security  Violation  count   :  0 

This  is  an  example  of  output  from  the  show  port-security  address  command: 

Switch#  show  port-security  address 

Secure  Mac  Address  Table 


Vlan        Mac  Address  Type  Ports       Remaining  Age 

(mins ) 


0006.0700.0800         SecureConf igured  Gi0/2 


Total  Addresses  in  System  (excluding  one  mac  per  port)  :  1 

Max  Addresses  limit  in  System  (excluding  one  mac  per  port)    :  6272 

This  is  an  example  of  output  from  the  show  port-security  interface  gigabitethernetO/2  address 

command: 

Switch*  show  port-security  interface  gigabitethernetO/2  address 

Secure  Mac  Address  Table 

Vlan        Mac  Address  Type  Ports       Remaining  Age 

(mins ) 


I  0006.0700.0800         SecureConf igured        GiO/2  1 
Total  Addresses :  1 

This  is  an  example  of  output  from  the  show  port-security  interface  interface-id  vlan  command: 

Switch*  show  port-security  interface  gigabitethernetO/2  vlan 

Default  maximum:not  set,   using  5120 
VLAN     Maximum  Current 

5         default  1 
10         default  54 

II  default  101 

12  default  101 

13  default  201 

14  default  501 
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Related  Commands  Command 


clear  port-security 


switchport  port-security 


Description 


Deletes  from  the  MAC  address  table  a  specific  type  of  secure  address 
or  all  the  secure  addresses  on  the  switch  or  an  interface. 

Enables  port  security  on  a  port,  restricts  the  use  of  the  port  to  a 
user-defined  group  of  stations,  and  configures  secure  MAC 
addresses. 
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show  setup  express 


show  setup  express 


Use  the  show  setup  express  privileged  EXEC  command  to  display  if  Express  Setup  mode  is  active  on 
the  switch. 

show  setup  express  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


I  begin 
I  exclude 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


I  include 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


expression 


Expression  in  the  output  to  use  as  a  reference  point. 


Defaults 


No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Examples 


This  is  an  example  of  output  from  the  show  setup  express  command: 

Switch#  show  setup  express 

express  setup  mode  is  active 


Related  Commands  Command 


Description 


setup  express 


Enables  Express  Setup  mode. 
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show  spanning-tree 

Use  the  show  spanning-tree  user  EXEC  command  to  display  spanning-tree  state  information. 

show  spanning-tree  [bridge-group  I  active  [detail]  I  hackbonefast  I  blockedports  I  bridge  I  detail 
[active]  I  inconsistentports  I  interface  interface-id  I  mst  I  pathcost  method  I  root  I  summary 
[totals]  I  uplinkfast  I  vlan  vlan-id]  [  I  {begin  I  exclude  I  include]  expression] 

show  spanning-tree  bridge-group  [active  [detail]  I  blockedports  I  bridge  I  detail  [active]  I 
inconsistentports  I  interface  interface-id  I  root  I  summary]  [  I  {begin  I  exclude  I  include] 

expression] 

show  spanning-tree  vlan  vlan-id  [active  [detail]  I  blockedports  I  bridge  I  detail  [active]  I 
inconsistentports  I  interface  interface-id  I  root  I  summary]  [  I  {begin  I  exclude  I  include] 

expression] 

show  spanning-tree  {vlan  vlan-id  I  bridge-group}  bridge  [address  I  detail  I  forward-time  I 
hello-time  I  id  I  max-age  I  priority  [system-id]  I  protocol]  [  I  {begin  I  exclude  I  include] 

expression] 

show  spanning-tree  {vlan  vlan-id  I  bridge-group}  root  [address  I  cost  I  detail  I  forward-time  I 
hello-time  I  id  I  max-age  I  port  I  priority  [system-id]  [  I  {begin  I  exclude  I  include] 

expression] 

show  spanning-tree  interface  interface-id  [active  [detail]  I  cost  I  detail  [active]  I  inconsistency  I 
portfast  I  priority  I  rootcost  I  state]  [  I  { begin  I  exclude  I  include }  expression] 

show  spanning-tree  mst  [configuration  [digest]]  I  [instance-id  [detail  I  interface  interface-id 
[detail]]  [  I  {begin  I  exclude  I  include]  expression] 


Syntax  Description 


bridge-group 
active  [detail] 

backbonefast 


(Optional)  Specify  the  bridge  group  number.  The  range  is  1  to  255. 

(Optional)  Display  spanning-tree  information  only  on  active  interfaces 
(available  only  in  privileged  EXEC  mode). 

(Optional)  Display  spanning-tree  BackboneFast  status. 


blockedports 

bridge  [address  I  detail  I 
forward-time  I  hello-time  I 
id  I  max-age  I  priority 
[system-id]  I  protocol] 

detail  [active] 

inconsistentports 

interface  interface-id 
[active  [detail]  I  cost  I 
detail  [active]  I 
inconsistency  I  portfast  I 
priority  I  rootcost  I  state] 


(Optional)  Display  blocked  port  information  (available  only  in  privileged 
EXEC  mode). 

(Optional)  Display  status  and  configuration  of  this  switch  (optional 
keywords  available  only  in  privileged  EXEC  mode). 


(Optional)  Display  a  detailed  summary  of  interface  information  (active 
keyword  available  only  in  privileged  EXEC  mode). 

(Optional)  Display  inconsistent  port  information  (available  only  in 
privileged  EXEC  mode). 

(Optional)  Display  spanning-tree  information  for  the  specified  interface 
(all  options  except  portfast  and  state  available  only  in  privileged  EXEC 
mode).  Enter  each  interface  separated  by  a  space.  Ranges  are  not 
supported.  Valid  interfaces  include  physical  ports,  VLANs,  and  port 
channels.  The  VLAN  range  is  1  to  4094.  The  port-channel  range  is  1 
to  48. 
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show  spanning-tree  SSI 


mst  [configuration 
[digest]]  [instance-id 
[detail  I  interface 

interface-id  [detail]] 


pathcost  method 

root  [address  I  cost  I  detail 
I  forward-time  I  hello-time 
I  id  I  max-age  I  port  I 
priority  [system-id]] 

summary  [totals] 


uplinkfast 


(Optional)  Display  the  multiple  spanning-tree  (MST)  region 
configuration  and  status  (available  only  in  privileged  EXEC  mode). 

The  keywords  have  these  meanings: 

•  digest — (Optional)  Display  the  MD5  digest  included  in  the  current 
MST  configuration  identifier  (MSTCI).  Two  separate  digests,  one 
for  standard  and  one  for  prestandard  switches,  appear  (available  only 
in  privileged  EXEC  mode). 

The  terminology  was  updated  for  the  implementation  of  the  IEEE 
standard,  and  the  txholdcount  field  was  added. 

The  new  master  role  appears  for  boundary  ports. 

The  word  prestandard  or  Pre-STD  appears  when  an  IEEE  standard 
bridge  sends  prestandard  BPDUs  on  a  port. 

The  word  prestandard  (config)  or  Pre-STD-Cf  appears  when  a  port 
has  been  configured  to  transmit  prestandard  BPDUs  and  no 
prestandard  BPDU  has  been  received  on  that  port. 

The  word  prestandard  (rcvd)  or  Pre-STD-Rx  appears  when  a 
prestandard  BPDU  has  been  received  on  a  port  that  has  not  been 
configured  to  transmit  prestandard  BPDUs. 

A  dispute  flag  appears  when  a  designated  port  receives  inferior 
designated  information  until  the  port  returns  to  the  forwarding  state 
or  ceases  to  be  designated. 

•  instance-id — You  can  specify  a  single  instance  ID,  a  range  of  IDs 
separated  by  a  hyphen,  or  a  series  of  IDs  separated  by  a  comma.  The 
range  is  1  to  4094.  The  display  shows  the  number  of  currently 
configured  instances. 

•  interface  interface-id — (Optional)  Valid  interfaces  include  physical 
ports,  VLANs,  and  port  channels.  The  VLAN  range  is  1  to  4094.  The 
port-channel  range  is  1  to  48. 

•  detail — (Optional)  Display  detailed  information  for  the  instance  or 
interface. 

(Optional)  Display  the  default  path  cost  method  (available  only  in 
privileged  EXEC  mode). 

(Optional)  Display  root  switch  status  and  configuration  (all  keywords 
available  only  in  privileged  EXEC  mode). 


(Optional)  Display  a  summary  of  port  states  or  the  total  lines  of  the 
spanning-tree  state  section.  The  words  IEEE  Standard  identify  the  MST 
version  running  on  a  switch. 

(Optional)  Display  spanning-tree  UplinkFast  status. 


vlan  vlan-id  [active 
[detail]  I  backbonefast  I 
blockedports  I  bridge 
[address  I  detail  I 
forward-time  I  hello-time  I 
id  I  max-age  I  priority 
[system-id]  I  protocol] 


(Optional)  Display  spanning-tree  information  for  the  specified  VLAN 
(some  keywords  available  only  in  privileged  EXEC  mode).  You  can 
specify  a  single  VLAN  identified  by  VLAN  ID  number,  a  range  of 
VLANs  separated  by  a  hyphen,  or  a  series  of  VLANs  separated  by  a 
comma.  The  range  is  1  to  4094. 
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1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes       User  EXEC 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  digest  keyword  was  added,  and  new  digest  and  transmit  hold  count 

fields  appear. 

Usage  Guidelines        If  the  vlan-id  variable  is  omitted,  the  command  applies  to  the  spanning-tree  instance  for  all  VLANs. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  spanning-tree  active  command: 

Switch#  show  spanning-tree  active 

VLANO  001 

Spanning  tree  enabled  protocol  ieee 
Root  ID         Priority  32768 

Address  0001 . 42e2 . cddO 

Cost  3038 

Port  24  (GigabitEthernetO/1) 

Hello  Time       2  sec     Max  Age  20  sec     Forward  Delay  15  sec 

Bridge  ID     Priority        49153      (priority  49152  sys-id-ext  1) 
Address  0003 . fd63 . 9580 

Hello  Time       2  sec     Max  Age  20  sec     Forward  Delay  15  sec 
Aging  Time  3  00 
Uplinkfast  enabled 

Interface  Role  Sts  Cost  Prio.Nbr  Type 


Gi0/ll  Root  FWD  3019  128.24  P2p 

<output  truncated> 

This  is  an  example  of  output  from  the  show  spanning-tree  detail  command: 

Switch#  show  spanning-tree  detail 

VLAN0001  is  executing  the  ieee  compatible  Spanning  Tree  protocol 

Bridge  Identifier  has  priority  49152,    sysid  1,   address  0003 . fd63 . 9580 

Configured  hello  time  2,  max  age  20,    forward  delay  15 

Current  root  has  priority  32768,   address  0001 . 42e2 . cddO 

Root  port  is  1    (GigabitEthernetO/1) ,   cost  of  root  path  is  3038 

Topology  change  flag  not  set,   detected  flag  not  set 

Number  of  topology  changes  0  last  change  occurred  ldl6h  ago 

Times:     hold  1,   topology  change  35,   notification  2 

hello  2,  max  age  20,    forward  delay  15 
Timers:  hello  0,   topology  change  0,   notification  0,   aging  300 
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Uplinkfast  enabled 

Port  1    (GigabitEthernetO/1)    of  VLAN0001  is  forwarding 

Port  path  cost  3019,   Port  priority  128,    Port  Identifier  128.24. 
Designated  root  has  priority  32768,   address  0001 . 42e2 . cddO 
Designated  bridge  has  priority  32768,   address  OOdO . bbf 5 . c680 
Designated  port  id  is  128.25,   designated  path  cost  19 
Timers:  message  age  2,    forward  delay  0,   hold  0 
Number  of  transitions  to  forwarding  state:  1 
Link  type  is  point-to-point  by  default 
BPDU:    sent  0,    received  72364 
<output  truncated> 

This  is  an  example  of  output  from  the  show  spanning-tree  interface  interface-id  command: 

Switch#  show  spanning-tree  interface  gigabitethernetO/1 

Vlan  Role  Sts  Cost  Prio.Nbr  Type 


VLAN0001 


Root  FWD  3  019 


128.24 


P2p 


Switch#  show  spanning-tree  summary 

Switch  is  in  pvst  mode 
Root  bridge  for:  none 

EtherChannel  misconf iguration  guard  is  enabled 
Extended  system  ID       is  enabled 

is  disabled  by  default 
is  disabled  by  default 


Portf ast 

PortFast  BPDU  Guard 


Portfast  BPDU  Filter  is  disabled  by  default 


Loopguard 

UplinkFast 

BackboneFast 


is  disabled  by  default 
is  enabled 
is  enabled 


Pathcost  method  used  is  short 


Name 


Blocking  Listening  Learning  Forwarding  STP  Active 


VLAN0  001 
VLAN0002 
VLAN0004 
VLAN0006 
VLAN0031 
VLAN0032 

<output  truncated> 


11 

1 

1 

1 

1 

1 


12 

4 

4 

4 

4 

4 


37  vlans  109  0 

Station  update  rate  set  to  150  packets/sec. 


47 


156 


UplinkFast  statistics 

Number  of  transitions  via  uplinkFast   (all  VLANs)  :  0 

Number  of  proxy  multicast  addresses  transmitted   (all  VLANs )    :  0 

BackboneFast  statistics 


Number  of  transition  via  backboneFast   (all  VLANs) 
Number  of  inferior  BPDUs  received   (all  VLANs) 
Number  of  RLQ  request  PDUs  received   (all  VLANs) 
Number  of  RLQ  response  PDUs  received   (all  VLANs) 
Number  of  RLQ  request  PDUs  sent    (all  VLANs) 
Number  of  RLQ  response  PDUs  sent    (all  VLANs) 
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This  is  an  example  of  output  from  the  show  spanning-tree  mst  configuration  command: 

Switch#  show  spanning-tree  mst  configuration 

Name  [regionl] 
Revision  1 

Instance    Vlans  Mapped 


0  1-9,21-4094 

1  10-20 


This  is  an  example  of  output  from  the  show  spanning-tree  mst  interface  interface-id  command: 

Switch#  show  spanning-tree  mst  interface  gigabitethernetO/1 

GigabitEthernetO/1  of  MST00  is  root  forwarding 
Edge  port:  no  (default)  port  guard  :  none 

Link  type:  point-to-point   (auto)  bpdu  filter:  disable 

Boundary  :  boundary  (STP)  bpdu  guard  :  disable 

Bpdus  sent  5,   received  74 

Instance  role  state  cost  prio  vlans  mapped 

0  root  FWD       200000         128  1,12,14-4094 

This  is  an  example  of  output  from  the  show  spanning-tree  mst  0  command: 

Switch*  show  spanning-tree  mst  0 

######  MST00  vlans  mapped:  1-9,21-4094 

Bridge  address  0002 . 4b29 . 7a00     priority     32768    (32768  sysid  0) 

Root  address  0001 . 4297 . eOOO     priority     32768    (32768  sysid  0) 

port         GiO/21  path  cost  200038 

1ST  master  *this  switch 

Operational  hello  time  2,  forward  delay  15,  max  age  20,  max  hops  20 
Configured    hello  time  2,    forward  delay  15,   max  age  20,   max  hops  20 

Interface  role  state  cost  prio  type 


GigabitEthernetO/1  root  FWD       200000         128     P2P  bound(STP) 

GigabitEthernetO/2  desg  FWD       200000         128     P2P  bound(STP) 

Port-channell  desg  FWD       200000         128     P2P  bound(STP) 


Related  Commands      Command  Description 


clear  spanning-tree  counters 

Clears  the  spanning-tree  counters. 

clear  spanning-tree  detected-protocols 

Restarts  the  protocol  migration  process. 

spanning-tree  backbonefast 

Enables  the  BackboneFast  feature. 

spanning-tree  bpdufilter 

Prevents  an  interface  from  sending  or  receiving  bridge 

protocol  data  units  (BPDUs). 

spanning-tree  bpduguard 

Puts  an  interface  in  the  error-disabled  state  when  it 

receives  a  BPDU. 

spanning-tree  cost 

Sets  the  path  cost  for  spanning-tree  calculations. 

spanning-tree  extend  system-id 

Enables  the  extended  system  ID  feature. 

spanning-tree  guard 

Enables  the  root  guard  or  the  loop  guard  feature  for  all  the 

VLANs  associated  with  the  selected  interface. 

spanning-tree  link-type 

Overrides  the  default  link-type  setting  for  rapid 

spanning-tree  transitions  to  the  forwarding  state. 

(default) 
(default) 
(default) 
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Command 

Description 

spanning-tree  loopguard  default 

Prevents  alternate  or  root  ports  from  becoming  the 

designated  port  because  of  a  failure  that  leads  to  a 

unidirectional  link. 

spanning-tree  mst  configuration 

Enters  multiple  spanning-tree  (MST)  configuration  mode 

through  which  the  MST  region  configuration  occurs. 

spanning-tree  mst  cost 

Sets  the  path  cost  for  MST  calculations. 

spanning-tree  mst  forward-time 

Sets  the  forward-delay  time  for  all  MST  instances. 

spanning-tree  mst  hello-time 

Sets  the  interval  between  hello  BPDUs  sent  by  root  switch 

configuration  messages. 

spanning-tree  mst  max-age 

Sets  the  interval  between  messages  that  the  spanning  tree 

receives  from  the  root  switch. 

spanning-tree  mst  max-hops 

Sets  the  number  of  hops  in  an  MST  region  before  the 

BPDU  is  discarded  and  the  information  held  for  an 

interface  is  aged. 

spanning-tree  mst  port-priority 

Configures  an  interface  priority. 

spanning-tree  mst  priority 

Configures  the  switch  priority  for  the  specified 

spanning-tree  instance. 

spanning-tree  mst  root 

Configures  the  MST  root  switch  priority  and  timers  based 

on  the  network  diameter. 

spanning-tree  port-priority 

Configures  an  interface  priority. 

spanning-tree  portfast  (global 

Globally  enables  the  BPDU  filtering  or  the  BPDU  guard 

configuration) 

feature  on  Port  Fast-enabled  interfaces  or  enables  the  Port 

Fast  feature  on  all  nontrunking  interfaces. 

spanning-tree  portfast  (interface 

Enables  the  Port  Fast  feature  on  an  interface  and  all  its 

configuration) 

associated  VLANs. 

spanning-tree  uplinkfast 

Accelerates  the  choice  of  a  new  root  port  when  a  link  or 

switch  fails  or  when  the  spanning  tree  reconfigures  itself. 

spanning-tree  vlan 

Configures  spanning  tree  on  a  per- VLAN  basis. 
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show  storm-control 


Use  the  show  storm-control  user  EXEC  command  to  display  broadcast,  multicast,  or  unicast  storm 
control  settings  on  the  switch  or  on  the  specified  interface  or  to  display  storm-control  history. 

show  storm-control  [interface-id]  [broadcast  I  multicast  I  unicast]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 

interface-id 

(Optional)  Interface  ID  for  the  physical  port  (including  type,  module,  and  port 
number). 

broadcast 

(Optional)  Display  broadcast  storm  threshold  setting. 

multicast 

(Optional)  Display  multicast  storm  threshold  setting. 

unicast 

(Optional)  Display  unicast  storm  threshold  setting. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


When  you  enter  an  interface-id,  the  storm  control  thresholds  appear  for  the  specified  interface. 
If  you  do  not  enter  an  interface-id,  settings  appear  for  one  traffic  type  for  all  ports  on  the  switch. 
If  you  do  not  enter  a  traffic  type,  settings  appear  for  broadcast  storm  control. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  a  partial  output  from  the  show  storm-control  command  when  no  keywords  are 
entered.  Because  no  traffic-type  keyword  was  entered,  the  broadcast  storm  control  settings  appear. 


Switch>  show  storm-control 

Interface        Filter  State 


Upper 


Lower 


Current 


GiO/1  Forwarding  2  0  pps  10  pps  5  pps 

GiO/2  Forwarding  50.00%  40.00%  0.00% 

<output  truncated> 
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show  storm-control  I 


This  is  an  example  of  output  from  the  show  storm-control  command  for  a  specified  interface.  Because 
no  traffic-type  keyword  was  entered,  the  broadcast  storm  control  settings  appear. 

Switch>  show  storm-control  gigabitethernet  0/1 

Interface        Filter  State       Upper  Lower  Current 


GiO/1  Forwarding  2  0  pps  10  pps  5  pps 

Table  2-27  describes  the  fields  in  the  show  storm-control  display. 
Table  2-27        show  storm-control  Field  Descriptions 


Field 

Description 

Interface 

Displays  the  ID  of  the  interface. 

Filter  State 

Displays  the  status  of  the  filter: 

•  Blocking — Storm  control  is  enabled,  and  a  storm  has  occurred. 

•  Forwarding — Storm  control  is  enabled,  and  no  storms  have  occurred. 

•  Inactive — Storm  control  is  disabled. 

Upper 

Displays  the  rising  suppression  level  as  a  percentage  of  total  available 
bandwidth  in  packets  per  second  or  in  bits  per  second. 

Lower 

Displays  the  falling  suppression  level  as  a  percentage  of  total  available 
bandwidth  in  packets  per  second  or  in  bits  per  second. 

Current 

Displays  the  bandwidth  usage  of  broadcast  traffic  or  the  specified  traffic 
type  (broadcast,  multicast,  or  unicast)  as  a  percentage  of  total  available 
bandwidth.  This  field  is  only  valid  when  storm  control  is  enabled. 

Related  Commands      Command  Description 

storm-control  Sets  the  broadcast,  multicast,  or  unicast  storm  control  levels  for  the  switch. 
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show  system  mtu 


Use  the  show  system  mtu  privileged  EXEC  command  to  display  the  global  maximum  transmission  unit 
(MTU)  or  maximum  packet  size  set  for  the  switch. 

show  system  mtu  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  you  have  used  the  system  mtu  or  system  mtu  jumbo  global  configuration  command  to  change  the 
MTU  setting,  the  new  setting  does  not  take  effect  until  you  reset  the  switch. 

The  system  MTU  refers  to  ports  operating  at  10/100  Mb/s;  the  system  jumbo  MTU  refers  to  Gigabit 
ports;  the  system  routing  MTU  refers  to  routed  ports. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  system  mtu  command: 

Switch#  show  system  mtu 

System  MTU  size  is  1500  bytes 
System  Jumbo  MTU  size  is  1550  bytes 


Related  Commands 


Command 

system  mtu 


Description 

Sets  the  MTU  size  for  the  Fast  Ethernet,  Gigabit  Ethernet,  or  routed  ports. 
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show  udld 


Use  the  show  udld  user  EXEC  command  to  display  UniDirectional  Link  Detection  (UDLD) 
administrative  and  operational  status  for  all  ports  or  the  specified  port. 

show  udld  [interface-id]  [  I  {begin  I  exclude  I  include)  expression] 


Syntax  Description 

interjace-ia 

(Optional)  ID  of  the  interface  and  port  number.  Valid  interfaces  include 

physical  ports  and  VLANs.  The  VLAN  range  is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


If  you  do  not  enter  an  interface-id,  administrative  and  operational  UDLD  status  for  all  interfaces  appear. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  udld  interface-id  command.  For  this  display,  UDLD  is 
enabled  on  both  ends  of  the  link,  and  UDLD  detects  that  the  link  is  bidirectional.  Table  2-28  describes 
the  fields  in  this  display. 

Switch>  show  udld  gigabitethernetO/1 

Interface  giO/1 


Port  enable  administrative  configuration  setting:   Follows  device  default 
Port  enable  operational  state:  Enabled 
Current  bidirectional  state:  Bidirectional 

Current  operational  state:  Advertisement  -  Single  Neighbor  detected 
Message  interval:  60 
Time  out  interval :  5 
Entry  1 

Expiration  time:  146 
Device  ID:  1 

Current  neighbor  state:  Bidirectional 
Device  name:  Switch-A 
Port  ID:  GiO/1 

Neighbor  echo  1  device:  Switch-B 
Neighbor  echo  1  port:  GiO/2 
Message  interval :  5 
CDP  Device  name:  Switch-A 
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Table  2-28        show  udld  Field  Descriptions 


FiolH 

neiu 

Description 

Interface 

The  interface  on  the  local  device  configured  for  UDLD. 

Port  enable  administrative 
configuration  setting 

How  UDLD  is  configured  on  the  port.  If  UDLD  is  enabled  or 
disabled,  the  port  enable  configuration  setting  is  the  same  as  the 
operational  enable  state.  Otherwise,  the  enable  operational  setting 
depends  on  the  global  enable  setting. 

Port  enable  operational  state 

Operational  state  that  shows  whether  UDLD  is  actually  running  on 
this  port. 

Current  bidirectional  state 

The  bidirectional  state  of  the  link.  An  unknown  state  appears  if  the 
link  is  down  or  if  it  is  connected  to  an  UDLD-incapable  device.  A 
bidirectional  state  appears  if  the  link  is  a  normal  two-way  connection 
to  a  UDLD-capable  device.  All  other  values  mean  miswiring. 

Current  operational  state 

The  current  phase  of  the  UDLD  state  machine.  For  a  normal 
bidirectional  link,  the  state  machine  is  most  often  in  the 
Advertisement  phase. 

Message  interval 

How  often  advertisement  messages  are  sent  from  the  local  device. 
Measured  in  seconds. 

Time  out  interval 

The  time  period,  in  seconds,  that  UDLD  waits  for  echoes  from  a 
neighbor  device  during  the  detection  window. 

Entry  1 

Information  from  the  first  cache  entry,  which  contains  a  copy  of  echo 
information  received  from  the  neighbor. 

Expiration  time 

The  amount  of  time  in  seconds  remaining  before  this  cache  entry  is 
aged  out. 

Device  ID 

The  neighbor  device  identification. 

Current  neighbor  state 

The  neighbor's  current  state.  If  both  the  local  and  neighbor  devices 
are  running  UDLD  normally,  the  neighbor  state  and  local  state 
should  be  bidirectional.  If  the  link  is  down  or  the  neighbor  is  not 
UDLD-capable,  no  cache  entries  appear. 

Device  name 

The  device  name  or  the  system  serial  number  of  the  neighbor.  The 
system  serial  number  appears  if  the  device  name  is  not  set  or  is  set  to 
the  default  (Switch). 

Port  ID 

The  neighbor  port  ID  enabled  for  UDLD. 

iNcignuoi  ecno  i  ucvicc 

1 11C  UCV1LC  llalllC  Ul  L11C  llClgllUUla     llClgllUUl  11U111  W111U11  L11C  CU11U 

originated. 

Neighbor  echo  1  port 

The  port  number  ID  of  the  neighbor  from  which  the  echo  originated. 

Message  interval 

The  rate,  in  seconds,  at  which  the  neighbor  is  sending  advertisement 
messages. 

CDP  device  name 

The  CDP  device  name  or  the  system  serial  number.  The  system  serial 
number  appears  if  the  device  name  is  not  set  or  is  set  to  the  default 
(Switch). 
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show  udld  H 


Related  Commands      Command  Description 


udld 

Enables  aggressive  or  normal  mode  in  UDLD  or  sets  the 
configurable  message  timer  time. 

udld  port 

Enables  UDLD  on  an  individual  interface  or  prevents  a  fiber-optic 

interface  from  being  enabled  by  the  udld  global  configuration 

command. 

udld  reset 

Resets  all  interfaces  shutdown  by  UDLD  and  permits  traffic  to  begin 
passing  through  them  again. 
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show  version 


Use  the  show  version  user  EXEC  command  to  display  version  information  for  the  hardware  and 
firmware. 

show  version  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines        Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  version  command: 


Note      Though  visible  in  the  show  version  output,  the  configuration  register  information  is  not  supported  on 
the  switch. 

Switch>  show  version 

Cisco  IOS  Software,    CGESM  Software    (CGESM-I6L2-M) ,   Version  12.2(25)SE1,    RELEASE  SOFTWARE 
(fc) 

Copyright   (c)    1986-2004  by  Cisco  Systems,  Inc. 
Compiled  Mon  06-Dec-04  22:52  by  yenanh 

ROM:   Bootstrap  program  is  CGESM  boot  loader 

BOOTLDR:    cgesm  Boot  Loader    (CGESM-HBOOT-M) ,   Version  12.2    [mbutts-f all_04  102] 

Halberd_A  uptime  is  1  week,    1  day,    27  minutes 
System  returned  to  ROM  by  power-on 

System  image  file  is   " flash : cgesm-i612 -mz . 122 -25 . SE1 /cgesm-i612-mz . 122-25 . SE1 . bin" 

cisco  371098-001    (PowerPC405)   processor   (revision  01)   with  118784K/12280K  bytes  of  memory. 

Processor  board  ID  FHH083800HY 

Last  reset  from  power-on 

3  Virtual  Ethernet  interfaces 

24  Gigabit  Ethernet  interfaces 

The  password-recovery  mechanism  is  disabled. 


512K  bytes  of  flash-simulated  non-volatile  configuration  memory. 
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Base  ethernet  MAC  Address 
Motherboard  assembly  number 
Motherboard  serial  number 
Model  revision  number 
Motherboard  revision  number 
Model  number 

Daughterboard  assembly  number 
Daughterboard  serial  number 
System  serial  number 
Top  Assembly  Part  Number 
Top  Assembly  Revision  Number 
Version  ID 

Daughterboard  revision  number 
Hardware  Board  Revision  Number 


00 : 0B:FC : FC : 73 : 

73-9666-06 

FHH0838000G 

01 

02 

371098-001 

73-9697-04 

FHH0838006R 

FHH083800HY 

800-25741-01 

08 

V01 

02 

0x02 


Switch       Ports     Model  SW  Version 

*         1       24  371098-001  12.2(25)SE1 

Configuration  register  is  OxF 


SW  Image 
CGESM-I6L2-M 
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show  vlan 


Use  the  show  vlan  user  EXEC  command  to  display  the  parameters  for  all  configured  VLANs  or  one 
VLAN  (if  the  VLAN  ID  or  name  is  specified)  on  the  switch. 

show  vlan  [brief  I  id  vlan-id  I  mtu  I  name  vlan-name  I  remote-span  I  summary]  [  I  {begin  I 
exclude  I  include}  expression] 


Syntax  Description 

brief 

(Optional)  Display  one  line  for  each  VLAN  with  the  VLAN  name,  status, 

n  n  H  i  t"c  nnrt  c 

clllU  1LS  JJU1LS. 

dotlq  tag  native 

(Optional)  Display  the  IEEE  802. 1Q  native  VLAN  tagging  status. 

id  vlan-id 

(Optional)  Display  information  about  a  single  VLAN  identified  by  VLAN 
ID  number.  For  vlan-id,  the  range  is  1  to  4094. 

mtu 

(Optional)  Display  a  list  of  VLANs  and  the  minimum  and  maximum 
transmission  unit  (MTU)  sizes  configured  on  ports  in  the  VLAN. 

name  vlan-name 

(Optional)  Display  information  about  a  single  VLAN  identified  by  VLAN 
name.  The  VLAN  name  is  an  ASCII  string  from  1  to  32  characters. 

remote-span 

(Optional)  Display  information  about  Remote  SPAN  (RSPAN)  VLANs. 

summary 

(Optional)  Display  VLAN  summary  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

X 

Note 

Though  visible  in  the  command-line  help  string,  the  ifindex,  internal  usage,  and  private- vlan  keywords 
are  not  supported. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 
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show  vlan  M 


Usage  Guidelines       In  the  show  vlan  mtu  command  output,  the  MTU_Mismatch  column  shows  whether  all  the  ports  in  the 
VLAN  have  the  same  MTU.  When  yes  appears  in  this  column,  it  means  that  the  VLAN  has  ports  with 
different  MTUs,  and  packets  that  are  switched  from  a  port  with  a  larger  MTU  to  a  port  with  a  smaller 
MTU  might  be  dropped.  If  the  VLAN  does  not  have  an  SVI,  the  hyphen  (-)  symbol  appears  in  the 
SVMVITU  column.  If  the  MTU-Mismatch  column  displays  yes,  the  names  of  the  port  with  the  MinMTU 
and  the  port  with  the  MaxMTU  appear. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  This  is  an  example  of  output  from  the  show  vlan  command.  Table  2-29  describes  the  fields  in  the  display. 

Switch>  show  vlan 


VLAN 

Name 

Status  Ports 

1 

default 

active  Gi0/1, 

GiO/2,    Gi0/3,  Gi0/4 

Gi0/5, 

GiO/6,    Gi0/7,  Gi0/8 

Gi0/9, 

Gi0/10,    Gi0/ll,  Gi0/12 

Gi0/13 , 

Gi0/14,    Gi0/15,  Gi0/16 

324 

VLAN0324 

active  GiO/23 

888 

VLAN0 

388 

active  GiO/19 

999 

VLAN0  999 

active  GiO/20, 

Gi0/21,  Gi0/22 

1002 

f ddi-def ault 

act/unsup 

1003 

token 

-ring-default 

act/unsup 

1004 

fddinet -default 

act/unsup 

1005 

trnet 

-default 

act/unsup 

VLAN 

Type 

SAID 

MTU 

Parent 

RingNo  BridgeNo  Stp 

BrdgMode  Transl  Trans2 

1 

enet 

100001 

1500 

0  0 

324 

enet 

100324 

1500 

0  0 

888 

enet 

100888 

1500 

0  0 

999 

enet 

100999 

1500 

0  0 

1002 

fddi 

101002 

1500 

0  0 

1003 

tr 

101003 

1500 

0  0 

VLAN 

Type 

SAID 

MTU 

Parent 

RingNo  BridgeNo  Stp 

BrdgMode  Transl  Trans2 

1004 

f  dnet 

101004 

1500 

ieee 

0  0 

1005 

trnet 

101005 

1500 

ibm 

0  0 

Remote  SPAN  VLANs 


Primary  Secondary  Type  Ports 


M2#show  vlan 


Table  2-29         show  vlan  Command  Output  Fields 


Field 

Description 

VLAN 

VLAN  number. 

Name 

Name,  if  configured,  of  the  VLAN. 

Status 

Status  of  the  VLAN  (active  or  suspend). 

Ports 

Ports  that  belong  to  the  VLAN. 
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Table  2-29 


show  vlan  Command  Output  Fields  (continued) 


Field 

Description 

Type 

Media  type  of  the  VLAN. 

SAID 

Security  association  ID  value  for  the  VLAN. 

MTU 

Maximum  transmission  unit  size  for  the  VLAN. 

Parent 

Parent  VLAN,  if  one  exists. 

RingNo 

Ring  number  for  the  VLAN,  if  applicable. 

BrdgNo 

Bridge  number  for  the  VLAN,  if  applicable. 

Stp 

Spanning  Tree  Protocol  type  used  on  the  VLAN. 

BrdgMode 

Bridging  mode  for  this  VLAN — possible  values  are  source-route  bridging 
(SRB)  and  source-route  transparent  (SRT);  the  default  is  SRB. 

Trans  1 

Translation  bridge  1. 

Trans2 

Translation  bridge  2. 

Remote  SPAN  VLANs 

Identifies  any  RSPAN  VLANs  that  have  been  configured. 

This  is  an  example  of  output  from  the  show  vlan  summary  command: 

Switch>  show  vlan  summary 

Number  of  existing  VLANs 
Number  of  existing  VTP  VLANs 
Number  of  existing  extended  VLANs 

This  is  an  example  of  output  from  the  show  vlan  id  command. 


Switch#  show  vlan  id  1 

VLAN  Name 


Status 


Ports 


default 


active        GiO/1,   GiO/2,   GiO/3,  GiO/4 
GiO/5,    GiO/6,    GiO/7,  GiO/8 
GiO/9,    GiO/10,    GiO/11,  GiO/12 
GiO/13,    GiO/14,    GiO/15,  GiO/16 


VLAN  Type  SAID 
1         enet  100001 
Remote  SPAN  VLAN 
Disabled 

Primary  Secondary  Type 


MTU  Parent  RingNo  BridgeNo  Stp  BrdgMode  Transl  Trans2 
1500     -  -         -  0  0 


Ports 
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show  vlan  M 


Related  Commands      Command  Description 

switchport  mode  Configures  the  VLAN  membership  mode  of  a  port. 

vlan  (global  Enables  VLAN  configuration  mode  where  you  can  configure  VLANs  1  to 

configuration)  4094. 

vlan  (VLAN  Configures  VLAN  characteristics  in  the  VLAN  database.  Only  available  for 

configuration)  normal-range  VLANs  (VLAN  IDs  1  to  1005).  Do  not  enter  leading  zeros. 
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show  vlan  access-map 


Use  the  show  vlan  access-map  privileged  EXEC  command  to  display  information  about  a  particular 
VLAN  access  map  or  for  all  VLAN  access  maps. 

show  vlan  access-map  [mapname]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


Usage  Guidelines 


Examples 


Related  Commands 


mapname 

(Optional)  Name  of  a  specific  VLAN  access  map. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  1  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 

This  is  an  example  of  output  from  the  show  vlan  access-map  command: 

Switch#  show  vlan  access-map 

Vlan  access-map  "SecWiz"  10 
Match  clauses: 

ip     address:  SecWiz_GiO_3_in_ip 
ip     address:  SecWiz_FalO_3_in_ip 

Action : 
forward 

Command 

Description 

show  vlan  filter 

Displays  information  about  all  VLAN  filters  or  about  a  particular  VLAN  or 
VLAN  access  map. 

vlan  access-map 

Creates  a  VLAN  map  entry  for  VLAN  packet  filtering. 

vlan  filter 

Applies  a  VLAN  map  to  one  or  more  VLANs. 
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show  vlan  filter  N 


show  vlan  filter 


Use  the  show  vlan  filter  privileged  EXEC  command  to  display  information  about  all  VLAN  filters  or 
about  a  particular  VLAN  or  VLAN  access  map. 

show  vlan  filter  [access-map  name  I  vlan  vlan-id]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


access-map  name 

(Optional)  Display  filtering  information  for  the  specified  VLAN  access  map. 

vlan  vlan-id 

(Optional)  Display  filtering  information  for  the  specified  VLAN.  The  range  is 
1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  vlan  filter  command: 


Switch#  show  vlan  filter 

VLAN  Map  map_l   is   filtering  VLANs : 
20-22 


Related  Commands 


Command 

Description 

show  vlan  access-map 

Displays  information  about  a  particular  VLAN  access  map  or  for  all 

VLAN  access  maps. 

vlan  access-map 

Creates  a  VLAN  map  entry  for  VLAN  packet  filtering. 

vlan  filter 

Applies  a  VLAN  map  to  one  or  more  VLANs. 
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show  vmps 


Use  the  show  vmps  user  EXEC  command  without  keywords  to  display  the  VLAN  Query  Protocol  ( VQP) 
version,  reconfirmation  interval,  retry  count,  VLAN  Membership  Policy  Server  (VMPS)  IP  addresses, 
and  the  current  and  primary  servers,  or  use  the  statistics  keyword  to  display  client-side  statistics. 

show  vmps  [statistics]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

statistics 

(Optional)  Display  VQP  client-side  statistics  and  counters. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

User  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  vmps  command: 

Switch>  show  vmps 
VQP  Client  Status: 


VMPS  VQP  Version:  1 

Reconfirm  Interval:  60  min 

Server  Retry  Count :  3 
VMPS  domain  server: 


Reconfirmation  status 
VMPS  Action:  other 
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show  vmps  M 


This  is  an  example  of  output  from  the  show  vmps  statistics  command.  Table  2-30  describes  each  field 
in  the  display. 

Switch>  show  vmps  statistics 

VMPS  Client  Statistics 


VQP  Queries:  0 

VQP  Responses:  0 

VMPS  Changes:  0 

VQP  Shutdowns :  0 

VQP  Denied:  0 

VQP  Wrong  Domain:  0 

VQP  Wrong  Version:  0 


VQP     Insufficient  Resource:  0 


Table  2-30         show  vmps  statistics  Field  Descriptions 


Field 

Description 

VQP  Queries 

Number  of  queries  sent  by  the  client  to  the  VMPS. 

VQP  Responses 

Number  of  responses  sent  to  the  client  from  the  VMPS. 

VMro  Changes 

Number  of  times  that  the  VMPS  changed  from  one  server  to  another. 

VQP  Shutdowns 

Number  of  times  the  VMPS  sent  a  response  to  shut  down  the  port.  The  client 
disables  the  port  and  removes  all  dynamic  addresses  on  this  port  from  the 
address  table.  You  must  administratively  re-enable  the  port  to  restore 
connectivity. 

VQP  Denied 

Number  of  times  the  VMPS  denied  the  client  request  for  security  reasons.  When 
the  VMPS  response  denies  an  address,  no  frame  is  forwarded  to  or  from  the 
workstation  with  that  address  (broadcast  or  multicast  frames  are  delivered  to  the 
workstation  if  the  port  has  been  assigned  to  a  VLAN).  The  client  keeps  the 
denied  address  in  the  address  table  as  a  blocked  address  to  prevent  more  queries 
from  being  sent  to  the  VMPS  for  each  new  packet  received  from  this 
workstation.  The  client  ages  the  address  if  no  new  packets  are  received  from  this 
workstation  on  this  port  within  the  aging  time  period. 

VQP  Wrong  Domain 

Number  of  times  the  management  domain  in  the  request  does  not  match  the  one 
for  the  VMPS.  Any  previous  VLAN  assignments  of  the  port  are  not  changed. 
This  response  means  that  the  server  and  the  client  have  not  been  configured  with 
the  same  VTP  management  domain. 

VQP  Wrong  Version 

Number  of  times  the  version  field  in  the  query  packet  contains  a  value  that  is 
higher  than  the  version  supported  by  the  VMPS.  The  VLAN  assignment  of  the 
port  is  not  changed.  The  switches  send  only  VMPS  Version  1  requests. 

VQP  Insufficient 
Resource 

Number  of  times  the  VMPS  is  unable  to  answer  the  request  because  of  a 
resource  availability  problem.  If  the  retry  limit  has  not  yet  been  reached,  the 
client  repeats  the  request  with  the  same  server  or  with  the  next  alternate  server, 
depending  on  whether  the  per-server  retry  count  has  been  reached. 
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Related  Commands      Command  Description 


clear  vmps  statistics 

Clears  the  statistics  maintained  by  the  VQP  client. 

vmps  reconfirm 

Sends  VQP  queries  to  reconfirm  all  dynamic  VLAN  assignments  with  the 

(privileged  EXEC) 

VMPS. 

vmps  retry 

Configures  the  per-server  retry  count  for  the  VQP  client. 

vmps  server 

Configures  the  primary  VMPS  and  up  to  three  secondary  servers. 
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show  vtp 


Use  the  show  vtp  user  EXEC  command  to  display  general  information  about  the  VLAN  Trunking 
Protocol  (VTP)  management  domain,  status,  and  counters. 

show  vtp  { counters  I  password  I  status  J  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 


counters 

Display  the  VTP  statistics  for  the  switch. 

password 

Display  the  configured  VTP  password. 

status 

Display  general  information  about  the  VTP  management  domain  status. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 


User  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples 


This  is  an  example  of  output  from  the  show  vtp  counters  command.  Table  2-31  describes  each  field  in 
the  display. 

Switch>  show  vtp  counters 


VTP  statistics: 

Summary  advertisements  received 
Subset  advertisements  received 
Request  advertisements  received 
Summary  advertisements  transmitted 
Subset  advertisements  transmitted 
Request  advertisements  transmitted 
Number  of  config  revision  errors 
Number  of  config  digest  errors 
Number  of  VI  summary  errors 


VTP  pruning  statistics: 

Trunk  Join  Transmitted  Join  Received 


Summary  advts  received  from 
non-pruning-capable  device 


GiO/1 
GiO/2 
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Table  2-31        show  vtp  counters  Field  Descriptions 


Field 

Description 

Summary  advertisements 
received 

Number  of  summary  advertisements  received  by  this  switch  on  its  trunk 
ports.  Summary  advertisements  contain  the  management  domain  name, 
the  configuration  revision  number,  the  update  timestamp  and  identity, 

LI1C  alllllCIlllCallOIl  CI1CCKSUI11,  allU  LI1C  I1UII1UC1  Ul  SUUSCl  aUVCI  L1SCII1CI1LS  LO 

follow. 

Subset  advertisements 
received 

Number  of  subset  advertisements  received  by  this  switch  on  its  trunk 
ports.  Subset  advertisements  contain  all  the  information  for  one  or  more 
VLANs. 

Request  advertisements 
received 

Number  of  advertisement  requests  received  by  this  switch  on  its  trunk 
ports.  Advertisement  requests  normally  request  information  on  all 
VLANs.  They  can  also  request  information  on  a  subset  of  VLANs. 

Summary  advertisements 
transmitted 

Number  of  summary  advertisements  sent  by  this  switch  on  its  trunk 
ports.  Summary  advertisements  contain  the  management  domain  name, 
the  configuration  revision  number,  the  update  timestamp  and  identity, 
the  authentication  checksum,  and  the  number  of  subset  advertisements  to 
follow. 

Subset  advertisements 
transmitted 

Number  of  subset  advertisements  sent  by  this  switch  on  its  trunk  ports. 
Subset  advertisements  contain  all  the  information  for  one  or  more 
VLANs. 

Request  advertisements 
transmitted 

Number  of  advertisement  requests  sent  by  this  switch  on  its  trunk  ports. 
Advertisement  requests  normally  request  information  on  all  VLANs. 
They  can  also  request  information  on  a  subset  of  VLANs. 

Number  of  configuration 

Number  of  revision  errors. 

revision  errors 

Whenever  you  define  a  new  VLAN,  delete  an  existing  one,  suspend  or 
resume  an  existing  VLAN,  or  modify  the  parameters  on  an  existing 
VLAN,  the  configuration  revision  number  of  the  switch  increments. 

Revision  errors  increment  whenever  the  switch  receives  an 
advertisement  whose  revision  number  matches  the  revision  number  of 
the  switch,  but  the  MD5  digest  values  do  not  match.  These  errors  mean 
that  the  VTP  password  in  the  two  switches  is  different  or  that  the 
switches  have  different  configurations. 

These  errors  mean  that  the  switch  is  filtering  incoming  advertisements, 
which  causes  the  VTP  database  to  become  unsynchronized  across  the 
network. 

Number  of  configuration 
digest  errors 

Number  of  MD5  digest  errors. 

Digest  errors  increment  whenever  the  MD5  digest  in  the  summary  packet 
and  the  MD5  digest  of  the  received  advertisement  calculated  by  the 
switch  do  not  match.  This  error  usually  means  that  the  VTP  password  in 
the  two  switches  is  different.  To  solve  this  problem,  make  sure  the  VTP 
password  on  all  switches  is  the  same. 

These  errors  mean  that  the  switch  is  filtering  incoming  advertisements, 
which  causes  the  VTP  database  to  become  unsynchronized  across  the 
network. 
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Table  2-31        show  vtp  counters  Field  Descriptions  (continued) 


Field 

Description 

Number  of  VI  summary 

Number  of  Version  1  errors. 

errors 

Version  1  summary  errors  increment  whenever  a  switch  in  VTP  V2  mode 
receives  a  VTP  Version  1  frame.  These  errors  mean  that  at  least  one 
neighboring  switch  is  either  running  VTP  Version  1  or  VTP  Version  2 
with  V2-mode  disabled.  To  solve  this  problem,  change  the  configuration 
of  the  switches  in  VTP  V2-mode  to  disabled. 

Join  Transmitted 

Number  of  VTP  pruning  messages  sent  on  the  trunk. 

Join  Received 

Number  of  VTP  pruning  messages  received  on  the  trunk. 

Summary  Advts  Received 
from  non-pruning-capable 
device 

Number  of  VTP  summary  messages  received  on  the  trunk  from  devices 
that  do  not  support  pruning. 

This  is  an  example  of  output  from  the  show  vtp  status  command.  Table  2-32  describes  each  field  in  the 
display. 

Switch>  show  vtp  status 

VTP  Version                                            :  2 

Configuration  Revision                    :  0 

Maximum  VLANs  supported  locally   :  1005 

Number  of  existing  VLANs                  :  45 

VTP  Operating  Mode                            :  Transparent 

VTP  Domain  Name                                  :  shared_testbedl 

VTP  Pruning  Mode                              :  Disabled 

VTP  V2  Mode                                       :  Disabled 

VTP  Traps  Generation                        :  Enabled 

MD5  digest                                              :    0x3A  0x29   0x86   0x39   0xB4   0x5D  0x58  0xD7 

Table  2-32        show  vtp  status  Field  Descriptions 

Field 

Description 

VTP  Version 

Displays  the  VTP  version  operating  on  the  switch.  By  default,  the  switch 
implements  Version  1  but  can  be  set  to  Version  2. 

Configuration  Revision 

Current  configuration  revision  number  on  this  switch. 

Maximum  VLANs 
Supported  Locally 

Maximum  number  of  VLANs  supported  locally. 

Number  of  Existing 
VLANs 

Number  of  existing  VLANs. 
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Table  2-32        show  vtp  status  Field  Descriptions  (continued) 


Field 

Description 

VTP  Operating  Mode 

Displays  the  VTP  operating  mode,  which  can  be  server,  client,  or 
transparent. 

Server:  a  switch  in  VTP  server  mode  is  enabled  for  VTP  and  sends 
advertisements.  You  can  configure  VLANs  on  it.  The  switch  guarantees 
that  it  can  recover  all  the  VLAN  information  in  the  current  VTP  database 
from  NVRAM  after  reboot.  By  default,  every  switch  is  a  VTP  server. 

Note     The  switch  automatically  changes  from  VTP  server  mode  to  VTP 
client  mode  if  it  detects  a  failure  while  writing  the  configuration 
to  NVRAM  and  cannot  return  to  server  mode  until  the  NVRAM 
is  functioning. 

Client:  a  switch  in  VTP  client  mode  is  enabled  for  VTP,  can  send 
advertisements,  but  does  not  have  enough  nonvolatile  storage  to  store 

17TATWT                 1"                  .  *                   -\r                                 ,                 f                    1  tt      A  X  T                           IT  71                     -it  m  T~» 

VLAN  configurations.  You  cannot  configure  VLANs  on  it.  When  a  VTP 
client  starts  up,  it  does  not  send  VTP  advertisements  until  it  receives 
advertisements  to  initialize  its  VLAN  database. 

Transparent:  a  switch  in  VTP  transparent  mode  is  disabled  for  VTP,  does 
not  send  or  learn  from  advertisements  sent  by  other  devices,  and  cannot 
affect  VLAN  configurations  on  other  devices  in  the  network.  The  switch 
receives  VTP  advertisements  and  forwards  them  on  all  trunk  ports  except 
the  one  on  which  the  advertisement  was  received. 

VTP  Domain  Name 

Name  that  identifies  the  administrative  domain  for  the  switch. 

VTP  Pruning  Mode 

Displays  whether  pruning  is  enabled  or  disabled.  Enabling  pruning  on  a 
VTP  server  enables  pruning  for  the  entire  management  domain.  Pruning 
restricts  flooded  traffic  to  those  trunk  links  that  the  traffic  must  use  to 
access  the  appropriate  network  devices. 

VTP  V2  Mode 

Displays  if  VTP  Version  2  mode  is  enabled.  All  VTP  Version  2  switches 
operate  in  Version  1  mode  by  default.  Each  VTP  switch  automatically 
detects  the  capabilities  of  all  the  other  VTP  devices.  A  network  of  VTP 
devices  should  be  configured  to  Version  2  only  if  all  VTP  switches  in  the 
network  can  operate  in  Version  2  mode. 

VTP  Traps  Generation 

Displays  whether  VTP  traps  are  sent  to  a  network  management  station. 

MD5  Digest 

A  16-byte  checksum  of  the  VTP  configuration. 

Configuration  Last 
Modified 

Displays  the  date  and  time  of  the  last  configuration  modification. 
Displays  the  IP  address  of  the  switch  that  caused  the  configuration  change 
to  the  database. 

Related  Commands      Command  Description 


clear  vtp  counters 

Clears  the  VTP  and  pruning  counters. 

vtp  (global  configuration) 

Configures  the  VTP  filename,  interface  name,  domain  name,  and  mode. 

vtp  (VLAN  configuration) 

Configures  the  VTP  domain  name,  password,  pruning,  and  mode. 
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shutdown 

Use  the  shutdown  interface  configuration  command  to  disable  an  interface.  Use  the  no  form  of  this 
command  to  restart  a  disabled  interface. 

shutdown 

no  shutdown 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  The  port  is  enabled  (not  shut  down). 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  shutdown  command  causes  a  port  to  stop  forwarding.  You  can  enable  the  port  with  the  no  shutdown 

command. 

The  no  shutdown  command  has  no  effect  if  the  port  is  a  static-access  port  assigned  to  a  VLAN  that  has 
been  deleted,  suspended,  or  shut  down.  The  port  must  first  be  a  member  of  an  active  VLAN  before  it  can 
be  re-enabled. 

The  shutdown  command  disables  all  functions  on  the  specified  interface. 

This  command  also  marks  the  interface  as  unavailable.  To  see  if  an  interface  is  disabled,  use  the  show 
interfaces  privileged  EXEC  command.  An  interface  that  has  been  shut  down  is  shown  as 
administratively  down  in  the  display. 


Examples  These  examples  show  how  to  disable  and  re-enable  a  port: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if) #  shutdown 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  no  shutdown 

You  can  verify  your  settings  by  entering  the  show  interfaces  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  interfaces  Displays  the  statistical  information  specific  to  all  interfaces  or  to  a  specific 

interface. 
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shutdown  vlan 


Use  the  shutdown  vlan  global  configuration  command  to  shut  down  (suspend)  local  traffic  on  the 
specified  VLAN.  Use  the  no  form  of  this  command  to  restart  local  traffic  on  the  VLAN. 

shutdown  vlan  vlan-id 

no  shutdown  vlan  vlan-id 


Syntax  Description  vlan-id 


ID  of  the  VLAN  to  be  locally  shut  down.  The  range  is  2  to  1001.  VLANs  defined  as 
default  VLANs  under  the  VLAN  Trunking  Protocol  (VTP),  as  well  as 
extended-range  VLANs  (greater  than  1005)  cannot  be  shut  down.  The  default 
VLANs  are  1  and  1002  to  1005. 


Defaults 


No  default  is  defined. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  shutdown  vlan  command  does  not  change  the  VLAN  information  in  the  VTP  database.  The 
command  shuts  down  local  traffic,  but  the  switch  still  advertises  VTP  information. 


Examples 


This  example  shows  how  to  shut  down  traffic  on  VLAN  2: 

Switch (config) #  shutdown  vlan  2 

You  can  verify  your  setting  by  entering  the  show  vlan  privileged  EXEC  command. 


Related  Commands 


Command  Description 

shutdown  Shuts  down  local  traffic  on  the  VLAN  when  in  config-VLAN  mode  (accessed 

(config-vlan  mode)  by  the  vlan  vlan-id  global  configuration  command). 

vlan  database  Enters  VLAN  configuration  mode. 
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snmp-server  enable  traps 

Use  the  snmp-server  enable  traps  global  configuration  command  to  enable  the  switch  to  send  Simple 
Network  Management  Protocol  (SNMP)  notifications  for  various  traps  or  inform  requests  to  the  network 
management  system  (NMS).  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

snmp-server  enable  traps  [bridge  [newroot]  [topologychange]  I  cluster  I  config  I  copy-config  I 
entity  I  envmon  [fan  I  shutdown  I  status  I  supply  I  temperature]  I  flash  I  hsrp  I  ipmulticast  I 
mac-notification  I  msdp  I  ospf  [cisco-specific  I  errors  I  lsa  I  rate-limit  I  retransmit  I 
state-change]  I  pim  [invalid-pim-message  I  neighbor-change  I  rp-mapping-change]  I 
port-security  [trap-rate  value]  I  rtr  I  snmp  [authentication  I  coldstart  I  linkdown  I  linkup  I 
warmstart]  I  storm-control  trap-rate  value  I  stpx  [inconsistency]  [root-inconsistency] 
[loop-inconsistency]  I  syslog  I  tty  I  vlan-membership  I  vlancreate  I  vlandelete  I  vtp] 

no  snmp-server  enable  traps  [bridge  [newroot]  [topologychange]  I  cluster  I  config  I  copy-config 
I  entity  I  envmon  [fan  I  shutdown  I  status  I  supply  I  temperature]  I  flash  I  hsrp  I  ipmulticast 
I  mac-notification  I  msdp  I  ospf  [cisco-specific  I  errors  I  lsa  I  rate-limit  I  retransmit  I 
state-change]  I  pim  [invalid-pim-message  I  neighbor-change  I  rp-mapping-change]  I 
port-security  [trap-rate]  I  rtr  I  snmp  [authentication  I  coldstart  I  linkdown  I  linkup  I 
warmstart]  I  storm-control  trap-rate  I  stpx  [inconsistency]  [root-inconsistency] 
[loop-inconsistency]  I  syslog  I  tty  I  vlan-membership  I  vlancreate  I  vlandelete  I  vtp] 


Syntax  Description      bridge  [newroot]  (Optional)  Generate  STP  bridge  MIB  traps.  The  keywords  have  these 

[topologychange]  meanings: 

•  newroot — (Optional)  Enable  SNMP  STP  Bridge  MIB  new  root  traps. 

•  topologychange — (Optional)  Enable  SNMP  STP  Bridge  MIB  topology 
change  traps. 


cluster 

(Optional)  Enable  cluster  traps. 

config 

(Optional)  Enable  SNMP  configuration  traps. 

copy-config 

(Optional)  Enable  SNMP  copy-configuration  traps. 

entity 

(Optional)  Enable  SNMP  entity  traps. 

envmon  [fan  1 

Optional)  Enable  SNMP  environmental  traps.  The  keywords  have  these 

shutdown  1  status  1 

meanings: 

supply  1  temperature] 

•    fan — (Optional)  Enable  fan  traps. 

•    shutdown — (Optional)  Enable  environmental  monitor  shutdown  traps. 

•    status — (Optional)  Enable  SNMP  environmental  status-change  traps. 

•    supply — (Optional)  Enable  environmental  monitor  power-supply  traps. 

•    temperature — (Optional)  Enable  environmental  monitor  temperature 

traps. 

flash 

(Optional)  Enable  SNMP  FLASH  notifications. 

hsrp 

(Optional)  Enable  Hot  Standby  Router  Protocol  (HSRP)  traps. 

ipmulticast 

(Optional)  Enable  IP  multicast  routing  traps. 

mac-notification 

(Optional)  Enable  MAC  address  notification  traps. 

msdp 

(Optional)  Enable  Multicast  Source  Discovery  Protocol  (MSDP)  traps. 
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(Optional)  Enable  Open  Shortest  Path  First  (OSPF)  traps.  The  keywords  have 
these  meanings: 

•  cisco-specific — (Optional)  Enable  Cisco-specific  traps. 

•  errors — (Optional)  Enable  error  traps. 

•  lsa — (Optional)  Enable  link-state  advertisement  (LSA)  traps. 

•  rate-limit — (Optional)  Enable  rate-limit  traps. 

•  retransmit — (Optional)  Enable  packet-retransmit  traps. 

•  state-change — (Optional)  Enable  state-change  traps. 

(Optional)  Enable  Protocol-Independent  Multicast  (PIM)  traps.  The 
keywords  have  these  meanings: 

•  invalid-pim-message — (Optional)  Enable  invalid  PIM  message  traps. 

•  neighbor-change — (Optional)  Enable  PIM  neighbor-change  traps. 

•  rp-mapping-change — (Optional)  Enable  rendezvous  point 
(RP)-mapping  change  traps. 

(Optional)  Enable  port  security  traps.  Use  the  trap-rate  keyword  to  set  the 
maximum  number  of  port-security  traps  sent  per  second.  The  range  is  from 
0  to  1000;  the  default  is  0  (no  limit  imposed;  a  trap  is  sent  at  every 
occurrence). 

rtr  (Optional)  Enable  SNMP  Response  Time  Reporter  traps. 

(Optional)  Enable  SNMP  traps.  The  keywords  have  these  meanings: 

•  authentication — (Optional)  Enable  authentication  trap. 

•  coldstart — (Optional)  Enable  cold  start  trap. 

•  linkdown — (Optional)  Enable  linkdown  trap. 

•  linkup — (Optional)  Enable  linkup  trap. 

•  warmstart — (Optional)  Enable  warmstart  trap. 

storm-control  (Optional)  Enable  storm-control  traps.  Use  the  trap-rate  keyword  to  set  the 

trap-rate  value  maximum  number  of  storm-control  traps  sent  per  second.  The  range  is  0  to 

1000;  the  default  is  0  (no  limit  is  imposed;  a  trap  is  sent  at  every  occurrence). 

stpx  (Optional)  Enable  SNMP  STPX  MIB  traps.  The  keywords  have  these 

meanings: 

•  inconsistency — (Optional)  Enable  SNMP  STPX  MIB  Inconsistency 
Update  traps. 

•  root-inconsistency— (Optional)  Enable  SNMP  STPX  MIB  Root 
Inconsistency  Update  traps. 

•  loop-inconsistency— (Optional)  Enable  SNMP  STPX  MIB  Loop 
Inconsistency  Update  traps. 


syslog 

(Optional)  Enable  SNMP  syslog  traps. 

tty 

(Optional)  Send  TCP  connection  traps.  This  is  enabled  by  default. 

vlan-membership 

(Optional)  Enable  SNMP  VLAN  membership  traps. 

vlancreate 

(Optional)  Enable  SNMP  VLAN-created  traps. 

vlandelete 

(Optional)  Enable  SNMP  VLAN-deleted  traps. 

vtp 

(Optional)  Enable  VLAN  Trunking  Protocol  (VTP)  traps. 

ospf  [cisco-specific  I 
errors  I  lsa  I  rate-limit  I 
retransmit  I 
state-change] 


pim 

[invalid-pim-message  I 
neighbor-change  I 
rp-mapping-change] 


port-security 
[trap-rate  value] 


snmp  [authentication  I 
coldstart  I  linkdown  I 
linkup  I  warmstart] 
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X   

Note      Though  visible  in  the  command-line  help  strings,  the  cpu  [threshold],  fru-ctrl,  insertion,  and  removal 
keywords  are  not  supported.  The  snmp-server  enable  informs  global  configuration  command  is  not 
supported.  To  enable  the  sending  of  SNMP  inform  notifications,  use  the  snmp-server  enable  traps 
global  configuration  command  combined  with  the  snmp-server  host  host-addr  informs  global 
configuration  command. 


Defaults  The  sending  of  SNMP  traps  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Specify  the  host  (NMS)  that  receives  the  traps  by  using  the  snmp-server  host  global  configuration 
command.  If  no  trap  types  are  specified,  all  trap  types  are  sent. 

When  supported,  use  the  snmp-server  enable  traps  command  to  enable  sending  of  traps  or  informs. 

X   

Note      Informs  are  not  supported  in  SNMPvl. 


To  enable  more  than  one  type  of  trap,  you  must  enter  a  separate  snmp-server  enable  traps  command 
for  each  trap  type. 


Examples  This  example  shows  how  to  send  VTP  traps  to  the  NMS: 

Switch (config) #  snmp-server  enable  traps  vtp 

You  can  verify  your  setting  by  entering  the  show  vtp  status  or  the  show  running-config  privileged 
EXEC  command. 


Related  Commands      Command  Description 

show  running-config      Displays  the  running  configuration  on  the  switch.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 

snmp-server  host  Specifies  the  host  that  receives  SNMP  traps. 
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snmp-server  host 

Use  the  snmp-server  host  global  configuration  command  to  specify  the  recipient  (host)  of  a  Simple 
Network  Management  Protocol  (SNMP)  notification  operation.  Use  the  no  form  of  this  command  to 
remove  the  specified  host. 

snmp-server  host  host-addr  [informs  I  traps]  [version  [1  I  2c  I  3  [auth  I  noauthl  priv}]  [vrf 

vrf-instance]  {community-string  [notification-type]} 

no  snmp-server  host  host-addr  [informs  I  traps]  [version  [1  I  2c  I  3  {auth  I  noauth  I  priv}]  [vrf 

vrf-instance]  community -string 


Syntax  Description       host-addr  Name  or  Internet  address  of  the  host  (the  targeted  recipient). 

udp-port  port  (Optional)  Configure  the  User  Datagram  Protocol  (UDP)  port  number  of  the 

host  to  receive  the  traps.  The  range  is  0  to  65535. 

informs  I  traps  (Optional)  Send  SNMP  traps  or  informs  to  this  host. 

version  1  I  2c  I  3  (Optional)  Version  of  the  SNMP  used  to  send  the  traps. 

These  keywords  are  supported: 

1 — SNMPvl.  This  option  is  not  available  with  informs. 
2c— SNMPv2C. 

3 — SNMPv3.  These  optional  keywords  can  follow  the  Version  3  keyword: 

•  auth  (Optional).  Enables  Message  Digest  5  (MD5)  and  Secure  Hash 
Algorithm  (SHA)  packet  authentication. 

•  noauth  (Default).  The  noAuthNoPriv  security  level.  This  is  the  default 
if  the  [auth  I  noauth  I  priv]  keyword  choice  is  not  specified. 

•  priv  (Optional).  Enables  Data  Encryption  Standard  (DES)  packet 
encryption  (also  called  privacy). 

Note     The  priv  keyword  is  available  only  when  the  cryptographic 
(encrypted)  software  image  is  installed. 

vrf  vrf-instance  (Optional)  Virtual  private  network  (VPN)  routing  instance  and  name  for  this 

host. 
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community-string  Password-like  community  string  sent  with  the  notification  operation.  Though 

you  can  set  this  string  by  using  the  snmp-server  host  command,  we 
recommend  that  you  define  this  string  by  using  the  snmp-server  community 
global  configuration  command  before  using  the  snmp-server  host 
command. 

notification-type  (Optional)  Type  of  notification  to  be  sent  to  the  host.  If  no  type  is  specified, 

all  notifications  are  sent.  The  notification  type  can  be  one  or  more  of  the 
these  keywords: 

•  bridge— Send  SNMP  Spanning  Tree  Protocol  (STP)  bridge  MIB  traps. 

•  cluster — Send  cluster  member  status  traps. 

•  config — Send  SNMP  configuration  traps. 

•  copy-config — Send  SNMP  copy  configuration  traps. 

•  entity —  Send  SNMP  entity  traps. 

•  envmon — Send  environmental  monitor  traps. 

•  flash— Send  SNMP  FLASH  notifications. 

•  hsrp— Send  SNMP  Hot  Standby  Router  Protocol  (HSRP)  traps. 

•  ipmulticast — Send  SNMP  IP  multicast  routing  traps. 

•  mac-notification — Send  SNMP  MAC  notification  traps. 

•  msdp — Send  SNMP  Multicast  Source  Discovery  Protocol  (MSDP) 
traps. 

•  ospf— Send  Open  Shortest  Path  First  (OSPF)  traps. 

•  pim — Send  SNMP  Protocol-Independent  Multicast  (PIM)  traps. 

•  port-security — Send  SNMP  port-security  traps. 

•  rtr — Send  SNMP  Response  Time  Reporter  traps. 

•  snmp — Send  SNMP-type  traps. 

•  storm-control — Send  SNMP  storm-control  traps. 

•  stpx— Send  SNMP  STP  extended  MIB  traps. 

•  syslog — Send  SNMP  syslog  traps. 

•  tty — Send  TCP  connection  traps. 

•  udp-port  port — Configure  the  User  Datagram  Protocol  (UDP)  port 
number  of  the  host  to  receive  the  traps.  The  range  is  from  0  to  65535. 

•  vlan-membership —  Send  SNMP  VLAN  membership  traps. 

•  vlancreate — Send  SNMP  VLAN-created  traps. 

•  vlandelete— Send  SNMP  VLAN-deleted  traps. 

•  vtp— Send  SNMP  VLAN  Trunking  Protocol  (VTP)  traps. 

X   

Note      Though  visible  in  the  command-line  help  strings,  the  cpu,  cluster,  hsrp,  msdp,  ospf,  pim,  vrf,  and 
fru-ctrl  keywords  are  not  supported. 
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This  command  is  disabled  by  default.  No  notifications  are  sent. 

If  you  enter  this  command  with  no  keywords,  the  default  is  to  send  all  trap  types  to  the  host.  No  informs 
are  sent  to  this  host. 

If  no  version  keyword  is  present,  the  default  is  Version  1. 

If  Version  3  is  selected  and  no  authentication  keyword  is  entered,  the  default  is  the  noauth 
(noAuthNoPriv)  security  level. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        SNMP  notifications  can  be  sent  as  traps  or  inform  requests.  Traps  are  unreliable  because  the  receiver 
does  not  send  acknowledgments  when  it  receives  traps.  The  sender  cannot  determine  if  the  traps  were 
received.  However,  an  SNMP  entity  that  receives  an  inform  request  acknowledges  the  message  with  an 
SNMP  response  PDU.  If  the  sender  never  receives  the  response,  the  inform  request  can  be  sent  again. 
Thus,  informs  are  more  likely  to  reach  their  intended  destinations. 

However,  informs  consume  more  resources  in  the  agent  and  in  the  network.  Unlike  a  trap,  which  is 
discarded  as  soon  as  it  is  sent,  an  inform  request  must  be  held  in  memory  until  a  response  is  received  or 
the  request  times  out.  Traps  are  also  sent  only  once,  but  an  inform  might  be  retried  several  times.  The 
retries  increase  traffic  and  contribute  to  a  higher  overhead  on  the  network. 

If  you  do  not  enter  an  snmp-server  host  command,  no  notifications  are  sent.  To  configure  the  switch  to 
send  SNMP  notifications,  you  must  enter  at  least  one  snmp-server  host  command.  If  you  enter  the 
command  with  no  keywords,  all  trap  types  are  enabled  for  the  host.  To  enable  multiple  hosts,  you  must 
enter  a  separate  snmp-server  host  command  for  each  host.  You  can  specify  multiple  notification  types 
in  the  command  for  each  host. 

If  a  local  user  is  not  associated  with  a  remote  host,  the  switch  does  not  send  informs  for  the  auth 
(authNoPriv)  and  the  priv  (authPriv)  authentication  levels. 

When  multiple  snmp-server  host  commands  are  given  for  the  same  host  and  kind  of  notification  (trap 
or  inform),  each  succeeding  command  overwrites  the  previous  command.  Only  the  last  snmp-server 
host  command  is  in  effect.  For  example,  if  you  enter  an  snmp-server  host  inform  command  for  a  host 
and  then  enter  another  snmp-server  host  inform  command  for  the  same  host,  the  second  command 
replaces  the  first. 

The  snmp-server  host  command  is  used  with  the  snmp-server  enable  traps  global  configuration 
command.  Use  the  snmp-server  enable  traps  command  to  specify  which  SNMP  notifications  are  sent 
globally.  For  a  host  to  receive  most  notifications,  at  least  one  snmp-server  enable  traps  command  and 
the  snmp-server  host  command  for  that  host  must  be  enabled.  Some  notification  types  cannot  be 
controlled  with  the  snmp-server  enable  traps  command.  For  example,  some  notification  types  are 
always  enabled.  Other  notification  types  are  enabled  by  a  different  command. 

The  no  snmp-server  host  command  with  no  keywords  disables  traps,  but  not  informs,  to  the  host.  To 
disable  informs,  use  the  no  snmp-server  host  informs  command. 
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Examples  This  example  shows  how  to  configure  a  unique  SNMP  community  string  named  comaccess  for  traps  and 

prevent  SNMP  polling  access  with  this  string  through  access-list  10: 

Switch (config) #  snmp-server  community  comaccess  ro  10 
Switch (config) #  snmp-server  host  172.20.2.160  comaccess 
Switch (config) #  access-list  10  deny  any 

This  example  shows  how  to  send  the  SNMP  traps  to  the  host  specified  by  the  name  myhost.cisco.com. 
The  community  string  is  defined  as  comaccess: 

Switch (config) #  snmp-server  enable  traps 

Switch (config) #  snmp-server  host  myhost.cisco.com  comaccess  snmp 

This  example  shows  how  to  enable  the  switch  to  send  all  traps  to  the  host  myhost.cisco.com  by  using  the 
community  string  public: 

Switch (config) #  snmp-server  enable  traps 

Switch (config) #  snmp-server  host  myhost.cisco.com  public 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config  Displays  the  running  configuration  on  the  switch.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 

snmp-server  enable  traps    Enables  SNMP  notification  for  various  trap  types  or  inform  requests. 
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snmp  trap  mac-notification 


Use  the  snmp  trap  mac-notification  interface  configuration  command  to  enable  the  Simple  Network 
Management  Protocol  (SNMP)  MAC  address  notification  trap  on  a  specific  Layer  2  interface.  Use  the 
no  form  of  this  command  to  return  to  the  default  setting. 

snmp  trap  mac-notification  { added  I  removed } 

no  snmp  trap  mac-notification  {added  I  removed} 


Syntax  Description  added 


removed 


Enable  the  MAC  notification  trap  whenever  a  MAC  address  is  added  on  this 
interface. 

Enable  the  MAC  notification  trap  whenever  a  MAC  address  is  removed  from  this 
interface. 


Defaults 


By  default,  the  traps  for  both  address  addition  and  address  removal  are  disabled. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Even  though  you  enable  the  notification  trap  for  a  specific  interface  by  using  the  snmp  trap 
mac-notification  command,  the  trap  is  generated  only  when  you  enable  the  snmp-server  enable  traps 
mac-notification  and  the  mac  address-table  notification  global  configuration  commands. 


Examples  This  example  shows  how  to  enable  the  MAC  notification  trap  when  a  MAC  address  is  added  to  a  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  snmp  trap  mac-notification  added 

You  can  verify  your  settings  by  entering  the  show  mac  address-table  notification  interface  privileged 
EXEC  command. 
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Related  Commands  Command 


Description 


clear  mac  address-table  notification 
mac  address-table  notification 
show  mac  address-table  notification 


Clears  the  MAC  address  notification  global  counters. 

Enables  the  MAC  address  notification  feature. 

Displays  the  MAC  address  notification  settings  for  all 
interfaces  or  on  the  specified  interface  when  the  interface 
keyword  is  appended. 


snmp-server  enable  traps 


Sends  the  SNMP  MAC  notification  traps  when  the 
mac-notification  keyword  is  appended. 
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spanning-tree  backbonefast 

Use  the  spanning-tree  backbonefast  global  configuration  command  to  enable  the  BackboneFast 
feature.  Use  the  no  form  of  the  command  to  return  to  the  default  setting. 

spanning-tree  backbonefast 

no  spanning-tree  backbonefast 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  BackboneFast  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  configure  the  BackboneFast  feature  for  rapid  PVST+  or  for  multiple  spanning-tree  (MST)  mode, 
but  the  feature  remains  disabled  (inactive)  until  you  change  the  spanning-tree  mode  to  PVST+. 

BackboneFast  starts  when  a  root  port  or  blocked  port  on  a  switch  receives  inferior  BPDUs  from  its 
designated  switch.  An  inferior  BPDU  identifies  a  switch  that  declares  itself  as  both  the  root  bridge  and 
the  designated  switch.  When  a  switch  receives  an  inferior  BPDU,  it  means  that  a  link  to  which  the  switch 
is  not  directly  connected  (an  indirect  link)  has  failed  (that  is,  the  designated  switch  has  lost  its  connection 
to  the  root  switch).  If  there  are  alternate  paths  to  the  root  switch,  BackboneFast  causes  the  maximum 
aging  time  on  the  interfaces  on  which  it  received  the  inferior  BPDU  to  expire  and  allows  a  blocked  port 
to  move  immediately  to  the  listening  state.  BackboneFast  then  transitions  the  interface  to  the  forwarding 
state.  For  more  information,  see  the  software  configuration  guide  for  this  release. 

Enable  BackboneFast  on  all  supported  switches  to  allow  the  detection  of  indirect  link  failures  and  to  start 
the  spanning-tree  reconfiguration  sooner. 


Examples  This  example  shows  how  to  enable  BackboneFast  on  the  switch: 

Switch (config) #  spanning-tree  backbonefast 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  summary  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  spanning-tree  summary    Displays  a  summary  of  the  spanning-tree  interface  states. 
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spanning-tree  bpdufilter 


Use  the  spanning-tree  bpdufilter  interface  configuration  command  to  prevent  an  interface  from  sending 
or  receiving  bridge  protocol  data  units  (BPDUs).  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

spanning-tree  bpdufilter  {disable  I  enable} 

no  spanning-tree  bpdufilter 


Syntax  Description  disable 


Disable  BPDU  filtering  on  the  specified  interface. 


enable 


Enable  BPDU  filtering  on  the  specified  interface. 


Defaults 


BPDU  filtering  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 

A 

Caution 


You  can  enable  the  BPDU  filtering  feature  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree 
plus  (PVST+),  rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 


Enabling  BPDU  filtering  on  an  interface  is  the  same  as  disabling  spanning  tree  on  it  and  can  result  in 
spanning-tree  loops. 


You  can  globally  enable  BPDU  filtering  on  all  Port  Fast-enabled  interfaces  by  using  the  spanning-tree 
portfast  bpdufilter  default  global  configuration  command. 

You  can  use  the  spanning-tree  bpdufilter  interface  configuration  command  to  override  the  setting  of 
the  spanning-tree  portfast  bpdufilter  default  global  configuration  command. 


Examples 


This  example  shows  how  to  enable  the  BPDU  filtering  feature  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  spanning-tree  bpdufilter  enable 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 

spanning-tree  portfast  (global  Globally  enables  the  BPDU  filtering  or  the  BPDU  guard  feature 
configuration)  on  Port  Fast-enabled  interface  or  enables  the  Port  Fast  feature  on 

all  nontrunking  interfaces. 

spanning-tree  portfast  (interface  Enables  the  Port  Fast  feature  on  an  interface  and  all  its  associated 
configuration)  VLANs. 
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spanning-tree  bpduguard 


Use  the  spanning-tree  bpduguard  interface  configuration  command  to  put  an  interface  in  the 
error-disabled  state  when  it  receives  a  bridge  protocol  data  unit  (BPDU).  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

spanning-tree  bpduguard  {disable  I  enable} 

no  spanning-tree  bpduguard 


Syntax  Description  disable 


Disable  BPDU  guard  on  the  specified  interface. 


enable 


Enable  BPDU  guard  on  the  specified  interface. 


Defaults 


BPDU  guard  is  disabled. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  BPDU  guard  feature  provides  a  secure  response  to  invalid  configurations  because  you  must 
manually  put  the  interface  back  in  service.  Use  the  BPDU  guard  feature  in  a  service-provider  network 
to  prevent  an  interface  from  being  included  in  the  spanning-tree  topology. 

You  can  enable  the  BPDU  guard  feature  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree 
plus  (PVST+),  rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 

You  can  globally  enable  BPDU  guard  on  all  Port  Fast-enabled  interfaces  by  using  the  spanning-tree 
portfast  bpduguard  default  global  configuration  command. 

You  can  use  the  spanning-tree  bpduguard  interface  configuration  command  to  override  the  setting  of 
the  spanning-tree  portfast  bpduguard  default  global  configuration  command. 


Examples 


This  example  shows  how  to  enable  the  BPDU  guard  feature  on  a  port: 

Switch ( config) #  interface  gigabitethernetO/1 
Switch(conf ig-if ) #  spanning-tree  bpduguard  enable 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 

spanning-tree  portfast  (global  Globally  enables  the  BPDU  filtering  or  the  BPDU  guard  feature 
configuration)  on  Port  Fast-enabled  interfaces  or  enables  the  Port  Fast  feature  on 

all  nontrunking  interfaces. 

spanning-tree  portfast  (interface  Enables  the  Port  Fast  feature  on  an  interface  and  all  its  associated 
configuration)  VLANs. 
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spanning-tree  cost 


Use  the  spanning-tree  cost  interface  configuration  command  to  set  the  path  cost  for  spanning-tree 
calculations.  If  a  loop  occurs,  spanning  tree  considers  the  path  cost  when  selecting  an  interface  to  place 
in  the  forwarding  state.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  [vlan  vlan-id]  cost  cost 

no  spanning-tree  [vlan  vlan-id]  cost 


Syntax  Description      vlan  vlan-id 


(Optional)  VLAN  range  associated  with  a  spanning-tree  instance.  You  can  specify 
a  single  VLAN  identified  by  VLAN  ID  number,  a  range  of  VLANs  separated  by  a 
hyphen,  or  a  series  of  VLANs  separated  by  a  comma.  The  range  is  1  to  4094. 

cost  Path  cost.  The  range  is  1  to  200000000,  with  higher  values  meaning  higher  costs. 


Defaults 


The  default  path  cost  is  computed  from  the  interface  bandwidth  setting.  These  are  the  IEEE  default  path 
cost  values: 


•  1000  Mb/s- 

•  100  Mb/s— 19 

•  10  Mb/s— 100 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       When  you  configure  the  cost,  higher  values  represent  higher  costs. 

If  you  configure  an  interface  with  both  the  spanning-tree  vlan  vlan-id  cost  cost  command  and  the 
spanning-tree  cost  cost  command,  the  spanning-tree  vlan  vlan-id  cost  cost  command  takes  effect. 


Examples 


This  example  shows  how  to  set  the  path  cost  to  250  on  a  port: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  spanning-tree  cost  250 

This  example  shows  how  to  set  a  path  cost  to  300  for  VLANs  10,  12  to  15,  and  20: 

Switch (config-if ) #  spanning-tree  vlan  10,12-15,20  cost  300 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  interface  interface-id  privileged 
EXEC  command. 
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Related  Commands      Command  Description 

show  spanning-tree  interface  Displays  spanning-tree  information  for  the  specified  interface. 
interface-id 

spanning-tree  port-priority  Configures  an  interface  priority. 

spanning-tree  vlan  priority  Sets  the  switch  priority  for  the  specified  spanning-tree  instance. 
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spanning-tree  etherchannel  guard  misconfig 


Use  the  spanning-tree  etherchannel  guard  misconfig  global  configuration  command  to  display  an 
error  message  when  the  switch  detects  an  EtherChannel  misconfiguration.  Use  the  no  form  of  this 
command  to  disable  the  feature. 

spanning-tree  etherchannel  guard  misconfig 

no  spanning-tree  etherchannel  guard  misconfig 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


EtherChannel  guard  is  enabled  on  the  switch. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


When  the  switch  detects  an  EtherChannel  misconfiguration,  this  error  message  appears: 

PM-4-ERR_DISABLE :   Channel-misconf ig  error  detected  on   [chars],   putting   [chars]  in 
err-disable  state. 

To  show  switch  ports  that  are  in  the  misconfigured  EtherChannel,  use  the  show  interfaces  status 
err-disabled  privileged  EXEC  command.  To  verify  the  EtherChannel  configuration  on  a  remote  device, 
use  the  show  etherchannel  summary  privileged  EXEC  command  on  the  remote  device. 

When  a  port  is  in  the  error-disabled  state  because  of  an  EtherChannel  misconfiguration,  you  can  bring 
it  out  of  this  state  by  entering  the  errdisable  recovery  cause  channel-misconfig  global  configuration 
command,  or  you  can  manually  re-enable  it  by  entering  the  shutdown  and  no  shut  down  interface 
configuration  commands. 


Examples 


This  example  shows  how  to  enable  the  EtherChannel  guard  misconfiguration  feature: 

Switch (config) #  spanning-tree  etherchannel  guard  misconfig 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  summary  privileged  EXEC  command. 
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Related  Commands      Command  Description 


errdisable  recovery  cause 

Enables  the  timer  to  recover  from  the  EtherChannel 

channel-misconfig 

misconfiguration  error-disabled  state. 

show  etherchannel  summary 

Displays  EtherChannel  information  for  a  channel  as  a  one-line 

summary  per  channel-group. 

show  interfaces  status 

Displays  the  interfaces  in  the  error-disabled  state. 

err-disabled 
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spanning-tree  extend  system-id 


Use  the  spanning-tree  extend  system-id  global  configuration  command  to  enable  the  extended  system 
ID  feature. 

spanning-tree  extend  system-id 


Note      Though  visible  in  the  command-line  help  strings,  the  no  version  of  this  command  is  not  supported.  You 
cannot  disable  the  extended  system  ID  feature. 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  extended  system  ID  is  enabled. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  switch  supports  the  IEEE  802.lt  spanning-tree  extensions.  Some  of  the  bits  previously  used  for  the 
switch  priority  are  now  used  for  the  extended  system  ID  (VLAN  identifier  for  the  per-VLAN 
spanning-tree  plus  [PVST+]  and  rapid  PVST+  or  as  an  instance  identifier  for  the  multiple  spanning  tree 
[MST]). 

The  spanning  tree  uses  the  extended  system  ID,  the  switch  priority,  and  the  allocated  spanning-tree  MAC 
address  to  make  the  bridge  ID  unique  for  each  VLAN  or  multiple  spanning-tree  instance. 

Support  for  the  extended  system  ID  affects  how  you  manually  configure  the  root  switch,  the  secondary 
root  switch,  and  the  switch  priority  of  a  VLAN.  For  more  information,  see  the  "spanning-tree  mst  root" 
and  the  "spanning-tree  vlan"  sections. 

If  your  network  consists  of  switches  that  do  not  support  the  extended  system  ID  and  switches  that  do 
support  it,  it  is  unlikely  that  the  switch  with  the  extended  system  ID  support  will  become  the  root  switch. 
The  extended  system  ID  increases  the  switch  priority  value  every  time  the  VLAN  number  is  greater  than 
the  priority  of  the  connected  switches. 


Related  Commands      Command  Description 

show  spanning-tree  summary    Displays  a  summary  of  spanning-tree  interface  states. 

spanning-tree  mst  root  Configures  the  MST  root  switch  priority  and  timers  based  on  the 

network  diameter. 

spanning-tree  vlan  priority       Sets  the  switch  priority  for  the  specified  spanning-tree  instance. 
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spanning-tree  guard 

Use  the  spanning-tree  guard  interface  configuration  command  to  enable  root  guard  or  loop  guard  on 
all  the  VLANs  associated  with  the  selected  interface.  Root  guard  restricts  which  interface  is  allowed  to 
be  the  spanning-tree  root  port  or  the  path-to-the  root  for  the  switch.  Loop  guard  prevents  alternate  or  root 
ports  from  becoming  designated  ports  when  a  failure  creates  a  unidirectional  link.  Use  the  no  form  of 
this  command  to  return  to  the  default  setting. 

spanning-tree  guard  {loop  I  none  I  root} 

no  spanning-tree  guard 


Syntax  Description      loop  Enable  loop  guard. 


none 

Disable  root  guard  or  loop  guard. 

root 

Enable  root  guard. 

Defaults  Root  guard  is  disabled. 

Loop  guard  is  configured  according  to  the  spanning-tree  loopguard  default  global  configuration 
command  (globally  disabled). 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  enable  root  guard  or  loop  guard  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree 
plus  (PVST+),  rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 

When  root  guard  is  enabled,  if  spanning-tree  calculations  cause  an  interface  to  be  selected  as  the  root 
port,  the  interface  transitions  to  the  root-inconsistent  (blocked)  state  to  prevent  the  customer's  switch 
from  becoming  the  root  switch  or  being  in  the  path  to  the  root.  The  root  port  provides  the  best  path  from 
the  switch  to  the  root  switch. 

When  the  no  spanning-tree  guard  or  the  no  spanning-tree  guard  none  command  is  entered,  root  guard 
is  disabled  for  all  VLANs  on  the  selected  interface.  If  this  interface  is  in  the  root-inconsistent  (blocked) 
state,  it  automatically  transitions  to  the  listening  state. 

Do  not  enable  root  guard  on  interfaces  that  will  be  used  by  the  UplinkFast  feature.  With  UplinkFast,  the 
backup  interfaces  (in  the  blocked  state)  replace  the  root  port  in  the  case  of  a  failure.  However,  if  root 
guard  is  also  enabled,  all  the  backup  interfaces  used  by  the  UplinkFast  feature  are  placed  in  the 
root-inconsistent  state  (blocked)  and  prevented  from  reaching  the  forwarding  state.  The  UplinkFast 
feature  is  not  available  when  the  switch  is  operating  in  the  rapid-PVST+  or  MST  mode. 

Loop  guard  is  most  effective  when  it  is  configured  on  the  entire  switched  network.  When  the  switch  is 
operating  in  PVST+  or  rapid-PVST+  mode,  loop  guard  prevents  alternate  and  root  ports  from  becoming 
designated  ports,  and  spanning  tree  does  not  send  bridge  protocol  data  units  (BPDUs)  on  root  or  alternate 
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ports.  When  the  switch  is  operating  in  MST  mode,  BPDUs  are  not  sent  on  nonboundary  interfaces  if  the 
interface  is  blocked  by  loop  guard  in  all  MST  instances.  On  a  boundary  interface,  loop  guard  blocks  the 
interface  in  all  MST  instances. 

To  disable  root  guard  or  loop  guard,  use  the  spanning-tree  guard  none  interface  configuration 
command.  You  cannot  enable  both  root  guard  and  loop  guard  at  the  same  time. 

You  can  override  the  setting  of  the  spanning-tree  loopguard  default  global  configuration  command  by 
using  the  spanning-tree  guard  loop  interface  configuration  command. 


Examples  This  example  shows  how  to  enable  root  guard  on  all  the  VLANs  associated  with  the  specified  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  spanning-tree  guard  root 

This  example  shows  how  to  enable  loop  guard  on  all  the  VLANs  associated  with  the  specified  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if ) #  spanning-tree  guard  loop 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 

spanning-tree  cost  Sets  the  path  cost  for  spanning-tree  calculations. 

spanning-tree  loopguard  default        Prevents  alternate  or  root  ports  from  becoming  designated 

ports  because  of  a  failure  that  leads  to  a  unidirectional  link. 

spanning-tree  mst  cost  Configures  the  path  cost  for  MST  calculations. 

spanning-tree  mst  port-priority         Configures  an  interface  priority. 

spanning-tree  mst  root  Configures  the  MST  root  switch  priority  and  timers  based  on 

the  network  diameter. 

spanning-tree  port-priority  Configures  an  interface  priority. 

spanning-tree  vlan  priority  Sets  the  switch  priority  for  the  specified  spanning-tree 

instance. 
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Use  the  spanning-tree  link-type  interface  configuration  command  to  override  the  default  link-type 
setting,  which  is  determined  by  the  duplex  mode  of  the  interface,  and  to  enable  rapid  spanning-tree 
transitions  to  the  forwarding  state.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  link-type  {point-to-point  I  shared} 

no  spanning-tree  link-type 


Syntax  Description      point-to-point     Specify  that  the  link  type  of  an  interface  is  point-to-point. 


shared 


Specify  that  the  link  type  of  an  interface  is  shared. 


Defaults 


The  switch  derives  the  link  type  of  an  interface  from  the  duplex  mode.  A  full-duplex  interface  is 
considered  a  point-to-point  link,  and  a  half-duplex  interface  is  considered  a  shared  link. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  can  override  the  default  setting  of  the  link  type  by  using  the  spanning-tree  link-type  command.  For 
example,  a  half-duplex  link  can  be  physically  connected  point-to-point  to  a  single  interface  on  a  remote 
switch  running  the  Multiple  Spanning  Tree  Protocol  (MSTP)  or  the  rapid  per-VLAN  spanning-tree  plus 
(rapid-PVST+)  protocol  and  be  enabled  for  rapid  transitions. 


Examples 


This  example  shows  how  to  specify  the  link  type  as  shared  (regardless  of  the  duplex  setting)  and  to 
prevent  rapid  transitions  to  the  forwarding  state: 

Switch (config-if) #  spanning-tree  link-type  shared 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  interface  interface-id  or  the  show 
spanning-tree  interface  interface-id  privileged  EXEC  command. 
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Related  Commands      Command  Description 

clear  spanning-tree  detected-protocols     Restarts  the  protocol  migration  process  (force  the 

renegotiation  with  neighboring  switches)  on  all  interfaces 
or  on  the  specified  interface. 

show  spanning-tree  interface  Displays  spanning-tree  state  information  for  the  specified 

interface-id  interface. 

show  spanning-tree  mst  interface  Displays  MST  information  for  the  specified  interface. 
interface-id 
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Use  the  spanning-tree  loopguard  default  global  configuration  command  to  prevent  alternate  or  root 
ports  from  becoming  designated  ports  because  of  a  failure  that  leads  to  a  unidirectional  link.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  loopguard  default 

no  spanning-tree  loopguard  default 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Loop  guard  is  disabled. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  enable  the  loop  guard  feature  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree  plus 
(PVST+),  rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 

Loop  guard  is  most  effective  when  it  is  configured  on  the  entire  switched  network.  When  the  switch  is 
operating  in  PVST+  or  rapid-PVST+  mode,  loop  guard  prevents  alternate  and  root  ports  from  becoming 
designated  ports,  and  spanning  tree  does  not  send  bridge  protocol  data  units  (BPDUs)  on  root  or  alternate 
ports.  When  the  switch  is  operating  in  MST  mode,  BPDUs  are  not  sent  on  nonboundary  interfaces  if  the 
interface  is  blocked  by  loop  guard  in  all  MST  instances.  On  a  boundary  interface,  loop  guard  blocks  the 
interface  in  all  MST  instances. 

Loop  guard  operates  only  on  interfaces  that  the  spanning  tree  identifies  as  point-to-point. 

You  can  override  the  setting  of  the  spanning-tree  loopguard  default  global  configuration  command  by 
using  the  spanning-tree  guard  loop  interface  configuration  command. 


Examples  This  example  shows  how  to  globally  enable  loop  guard: 

Switch (config) #  spanning-tree  loopguard  default 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 

spanning-tree  guard  loop        Enables  the  loop  guard  feature  on  all  the  VLANs  associated  with  the 

specified  interface. 
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Use  the  spanning-tree  mode  global  configuration  command  to  enable  per-VLAN  spanning-tree  plus 
(PVST+),  rapid  PVST+,  or  multiple  spanning  tree  (MST)  on  your  switch.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

spanning-tree  mode  {mst  I  pvst  I  rapid-pvst} 

no  spanning-tree  mode 


Syntax  Description  mst 


pvst 


rapid-pvst 


Enable  MST  and  Rapid  Spanning  Tree  Protocol  (RSTP)  (based  on  IEEE  802.1s  and 
IEEE  802.  lw). 

Enable  PVST+  (based  on  IEEE  802.  ID). 


Enable  rapid  PVST+  (based  on  IEEE  802. lw). 


Defaults 


The  default  mode  is  PVST+. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


A 


Caution 


The  switch  supports  PVST+,  rapid  PVST+,  and  MSTP,  but  only  one  version  can  be  active  at  any  time: 
All  VLANs  run  PVST+,  all  VLANs  run  rapid  PVST+,  or  all  VLANs  run  MSTP. 

When  you  enable  the  MST  mode,  RSTP  is  automatically  enabled. 


Changing  spanning-tree  modes  can  disrupt  traffic  because  all  spanning-tree  instances  are  stopped  for  the 
previous  mode  and  restarted  in  the  new  mode. 


Examples 


This  example  shows  to  enable  MST  and  RSTP  on  the  switch: 

Switch (config) #  spanning-tree  mode  mst 

This  example  shows  to  enable  rapid  PVST+  on  the  switch: 

Switch (config) #  spanning-tree  mode  rapid-pvst 

You  can  verify  your  setting  by  entering  the  show  running-config  privileged  EXEC  command. 
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Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax  information, 

select  Cisco  IOS  Configuration  Fundamentals  Command  Reference, 
Release  12.2  >  File  Management  Commands  >  Configuration  File 
Management  Commands. 
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Use  the  spanning-tree  mst  configuration  global  configuration  command  to  enter  multiple 
spanning-tree  (MST)  configuration  mode  through  which  you  configure  the  MST  region.  Use  the  no  form 
of  this  command  to  return  to  the  default  settings. 

spanning-tree  mst  configuration 

no  spanning-tree  mst  configuration 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  default  mapping  is  that  all  VLANs  are  mapped  to  the  common  and  internal  spanning-tree  (CIST) 
instance  (instance  0). 

The  default  name  is  an  empty  string. 

The  revision  number  is  0. 


Command  Modes 


Global  configuration 


Command  History  Release 


12.2(25)SE1 


12.2(25)SED 


Modification 


This  command  was  introduced. 


The  instance-id  range  changed  to  1  to  4094. 


Usage  Guidelines 


The  spanning-tree  mst  configuration  command  enables  the  MST  configuration  mode.  These 
configuration  commands  are  available: 

•  abort:  exits  the  MST  region  configuration  mode  without  applying  configuration  changes. 

•  exit:  exits  the  MST  region  configuration  mode  and  applies  all  configuration  changes. 

•  instance  instance-id  vlan  vlan-range:  maps  VLANs  to  an  MST  instance.  The  range  for  the 
instance-id  is  1  to  4094.  The  range  for  vlan-range  is  1  to  4094.  You  can  specify  a  single  VLAN 
identified  by  VLAN  ID  number,  a  range  of  VLANs  separated  by  a  hyphen,  or  a  series  of  VLANs 
separated  by  a  comma. 

•  name  name:  sets  the  configuration  name.  The  name  string  has  a  maximum  length  of  32  characters 
and  is  case  sensitive. 

•  no:  negates  the  instance,  name,  and  revision  commands  or  sets  them  to  their  defaults. 

•  private-vlan:  Though  visible  in  the  command-line  help  strings,  this  command  is  not  supported. 

•  revision  version:  sets  the  configuration  revision  number.  The  range  is  0  to  65535. 

•  show  [current  I  pending]:  displays  the  current  or  pending  MST  region  configuration. 

In  MST  mode,  the  switch  supports  up  to  65  MST  instances.  The  number  of  VLANs  that  can  be  mapped 
to  a  particular  MST  instance  is  unlimited. 
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When  you  map  VLANs  to  an  MST  instance,  the  mapping  is  incremental,  and  VLANs  specified  in  the 
command  are  added  to  or  removed  from  the  VLANs  that  were  previously  mapped.  To  specify  a  range, 
use  a  hyphen;  for  example,  instance  1  vlan  1-63  maps  VLANs  1  to  63  to  MST  instance  1.  To  specify  a 
series,  use  a  comma;  for  example,  instance  1  vlan  10,  20,  30  maps  VLANs  10,  20,  and  30  to  MST 
instance  1. 

All  VLANs  that  are  not  explicitly  mapped  to  an  MST  instance  are  mapped  to  the  common  and  internal 
spanning  tree  (CIST)  instance  (instance  0)  and  cannot  be  unmapped  from  the  CIST  by  using  the  no  form 
of  the  command. 

For  two  or  more  switches  to  be  in  the  same  MST  region,  they  must  have  the  same  VLAN  mapping,  the 
same  configuration  revision  number,  and  the  same  name. 


Examples  This  example  shows  how  to  enter  MST  configuration  mode,  map  VLANs  10  to  20  to  MST  instance  1, 

name  the  region  regionl,  set  the  configuration  revision  to  1,  display  the  pending  configuration,  apply  the 
changes,  and  return  to  global  configuration  mode: 

Switch#  spanning-tree  mst  configuration 

Switch ( config-mst ) #  instance  1  vlan  10-20 
Switch ( config-mst ) #  name  regionl 
Switch ( config-mst ) #  revision  1 
Switch (config-mst) #  show  pending 

Pending  MST  configuration 
Name  [regionl] 
Revision  1 

Instance    Vlans  Mapped 


0  1-9,21-4094 

1  10-20 


Switch ( config-mst ) #  exit 
Switch (conf ig) # 

This  example  shows  how  to  add  VLANs  1  to  100  to  the  ones  already  mapped  (if  any)  to  instance  2,  to 
move  VLANs  40  to  60  that  were  previously  mapped  to  instance  2  to  the  CIST  instance,  to  add  VLAN 
10  to  instance  10,  and  to  remove  all  the  VLANs  mapped  to  instance  2  and  map  them  to  the  CIST  instance: 

Switch ( conf ig-mst ) #  instance  2  vlan  1-100 
Switch ( conf ig-mst ) #  no  instance  2  vlan  40-60 
Switch (conf ig-mst) #  instance  10  vlan  10 
Switch ( conf ig-mst ) #  no  instance  2 

You  can  verify  your  settings  by  entering  the  show  pending  MST  configuration  command. 


Related  Commands      Command  Description 

show  spanning-tree  mst  configuration        Displays  the  MST  region  configuration. 
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Use  the  spanning-tree  mst  cost  interface  configuration  command  to  set  the  path  cost  for  multiple 
spanning-tree  (MST)  calculations.  If  a  loop  occurs,  spanning  tree  considers  the  path  cost  when  selecting 
an  interface  to  put  in  the  forwarding  state.  Use  the  no  form  of  this  command  to  return  to  the  default 
setting. 

spanning-tree  mst  instance-id  cost  cost 
no  spanning-tree  mst  instance-id  cost 


Syntax  Description  instance-id 


Range  of  spanning-tree  instances.  You  can  specify  a  single  instance,  a  range  of 
instances  separated  by  a  hyphen,  or  a  series  of  instances  separated  by  a  comma.  The 
range  is  0  to  4094. 

cost  Path  cost  is  1  to  200000000,  with  higher  values  meaning  higher  costs. 


Defaults 


The  default  path  cost  is  computed  from  the  interface  bandwidth  setting.  These  are  the  IEEE  default  path 
cost  values: 

•  1000  Mb/s— 20000 

•  100  Mb/s— 200000 

•  10  Mb/s— 2000000 


Command  Modes 


Interface  configuration 


Command  History  Release 

12.2(25)SE1 


12.2(25)SED 


Modification 

This  command  was  introduced. 


The  instance-id  range  changed  tol  to  4094. 


Usage  Guidelines       When  you  configure  the  cost,  higher  values  represent  higher  costs. 


Examples 


This  example  shows  how  to  set  a  path  cost  of  250  on  a  port  associated  with  instances  2  and  4: 

Switch (config) #  interface  gigabitethernet 0/2 
Switch (config-if) #  spanning-tree  mst  2,4  cost  250 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  mst  interface  interface-id  privileged 
EXEC  command. 
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Related  Commands      Command  Description 


show  spanning-tree  mst 

Displays  MST  information  for  the  specified  interface. 

interface  interface-id 

spanning-tree  mst 

Configures  an  interface  priority. 

port-priority 

spanning-tree  mst  priority 

Configures  the  switch  priority  for  the  specified  spanning-tree 

instance. 
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spanning-tree  mst  forward-time 

Use  the  spanning-tree  mst  forward-time  global  configuration  command  to  set  the  forward-delay  time 
for  all  multiple  spanning-tree  (MST)  instances.  The  forwarding  time  specifies  how  long  each  of  the 
listening  and  learning  states  last  before  the  interface  begins  forwarding.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

spanning-tree  mst  forward-time  seconds 

no  spanning-tree  mst  forward-time 


Syntax  Description       seconds  Length  of  the  listening  and  learning  states.  The  range  is  4  to  30  seconds. 


Defaults  The  default  is  15  seconds. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Changing  the  spanning-tree  mst  forward-time  command  affects  all  spanning-tree  instances. 


Examples  This  example  shows  how  to  set  the  spanning-tree  forwarding  time  to  18  seconds  for  all  MST  instances: 

Switch (config) #  spanning-tree  mst  forward-time  18 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  spanning-tree  mst  Displays  MST  information. 

spanning-tree  mst  hello-time     Sets  the  interval  between  hello  bridge  protocol  data  units  (BPDUs) 

sent  by  root  switch  configuration  messages. 

spanning-tree  mst  max-age       Sets  the  interval  between  messages  that  the  spanning  tree  receives 

from  the  root  switch. 

spanning-tree  mst  max-hops     Sets  the  number  of  hops  in  a  region  before  the  BPDU  is  discarded. 
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spanning-tree  mst  hello-time 

Use  the  spanning-tree  mst  hello-time  global  configuration  command  to  set  the  interval  between  hello 
bridge  protocol  data  units  (BPDUs)  sent  by  root  switch  configuration  messages.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

spanning-tree  mst  hello-time  seconds 

no  spanning-tree  mst  hello-time 


Syntax  Description       seconds  Interval  between  hello  BPDUs  sent  by  root  switch  configuration  messages.  The 

range  is  1  to  10  seconds. 


Defaults  The  default  is  2  seconds. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       After  you  set  the  spanning-tree  mst  max-age  seconds  global  configuration  command,  if  a  switch  does 
not  receive  BPDUs  from  the  root  switch  within  the  specified  interval,  the  switch  recomputes  the 
spanning-tree  topology.  The  max-age  setting  must  be  greater  than  the  hello-time  setting. 

Changing  the  spanning-tree  mst  hello-time  command  affects  all  spanning-tree  instances. 


Examples  This  example  shows  how  to  set  the  spanning-tree  hello  time  to  3  seconds  for  all  multiple  spanning-tree 

(MST)  instances: 

Switch (config) #  spanning-tree  mst  hello-time  3 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  spanning-tree  mst 

Displays  MST  information. 

spanning-tree  mst 
forward-time 

Sets  the  forward-delay  time  for  all  MST  instances. 

spanning-tree  mst  max-age 

Sets  the  interval  between  messages  that  the  spanning  tree  receives 
from  the  root  switch. 

spanning-tree  mst  max-hops 

Sets  the  number  of  hops  in  a  region  before  the  BPDU  is  discarded. 
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spanning-tree  mst  max-age 

Use  the  spanning-tree  mst  max-age  global  configuration  command  to  set  the  interval  between 
messages  that  the  spanning  tree  receives  from  the  root  switch.  If  a  switch  does  not  receive  a  bridge 
protocol  data  unit  (BPDU)  message  from  the  root  switch  within  this  interval,  it  recomputes  the 
spanning-tree  topology.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  mst  max-age  seconds 

no  spanning-tree  mst  max-age 

Syntax  Description       seconds  Interval  between  messages  the  spanning  tree  receives  from  the  root  switch.  The  range 

is  6  to  40  seconds. 


Defaults  The  default  is  20  seconds. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       After  you  set  the  spanning-tree  mst  max-age  seconds  global  configuration  command,  if  a  switch  does 
not  receive  BPDUs  from  the  root  switch  within  the  specified  interval,  the  switch  recomputes  the 
spanning-tree  topology.  The  max-age  setting  must  be  greater  than  the  hello-time  setting. 

Changing  the  spanning-tree  mst  max-age  command  affects  all  spanning-tree  instances. 


Examples  This  example  shows  how  to  set  the  spanning-tree  max-age  to  30  seconds  for  all  multiple  spanning-tree 

(MST)  instances: 

Switch (config) #  spanning-tree  mst  max-age  30 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  spanning-tree  mst 

Displays  MST  information. 

spanning-tree  mst  forward-time 

Sets  the  forward-delay  time  for  all  MST  instances. 

spanning-tree  mst  hello-time 

Sets  the  interval  between  hello  BPDUs  sent  by  root  switch 

configuration  messages. 

spanning-tree  mst  max-hops 

Sets  the  number  of  hops  in  a  region  before  the  BPDU  is 

discarded. 
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spanning-tree  mst  max-hops 

Use  the  spanning-tree  mst  max-hops  global  configuration  command  to  set  the  number  of  hops  in  a 
region  before  the  bridge  protocol  data  unit  (BPDU)  is  discarded  and  the  information  held  for  an  interface 
is  aged.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  mst  max-hops  hop-count 

no  spanning-tree  mst  max-hops 


Syntax  Description       hop-count        Number  of  hops  in  a  region  before  the  BPDU  is  discarded.  The  range  is  1  to  255  hops. 


Defaults  The  default  is  20  hops. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SEC 

The  hop-count  range  changed  to  1  to  255. 

12.2(25)SED 

The  hop-count  range  changed  to  1  to  255. 

Usage  Guidelines       The  root  switch  of  the  instance  always  sends  a  BPDU  (or  M-record)  with  a  cost  of  0  and  the  hop  count 
set  to  the  maximum  value.  When  a  switch  receives  this  BPDU,  it  decrements  the  received  remaining  hop 
count  by  one  and  propagates  the  decremented  count  as  the  remaining  hop  count  in  the  generated 
M-records.  A  switch  discards  the  BPDU  and  ages  the  information  held  for  the  interface  when  the  count 
reaches  0. 

Changing  the  spanning-tree  mst  max-hops  command  affects  all  spanning-tree  instances. 


Examples  This  example  shows  how  to  set  the  spanning-tree  max-hops  to  10  for  all  multiple  spanning-tree  (MST) 

instances: 

Switch (config) #  spanning-tree  mst  max-hops  10 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 
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Related  Commands      Command  Description 


show  spanning-tree  mst 

Displays  MST  information. 

spanning-tree  mst  forward-time 

Sets  the  forward-delay  time  for  all  MST  instances. 

spanning-tree  mst  hello-time 

Sets  the  interval  between  hello  BPDUs  sent  by  root  switch 

configuration  messages. 

spanning-tree  mst  max-age 

Sets  the  interval  between  messages  that  the  spanning  tree 

receives  from  the  root  switch. 
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spanning-tree  mst  port-priority 

Use  the  spanning-tree  mst  port-priority  interface  configuration  command  to  configure  an  interface 
priority.  If  a  loop  occurs,  the  Multiple  Spanning  Tree  Protocol  (MSTP)  can  find  the  interface  to  put  in 
the  forwarding  state.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  mst  instance-id  port-priority  priority 

no  spanning-tree  mst  instance-id  port-priority 


Syntax  Description  instance-id 


Range  of  spanning-tree  instances.  You  can  specify  a  single  instance,  a  range  of 
instances  separated  by  a  hyphen,  or  a  series  of  instances  separated  by  a  comma.  The 
range  is  0  to  4094. 

priority  The  range  is  0  to  240  in  increments  of  16.  Valid  priority  values  are  0,  16,  32,  48,  64, 

80,  96,  112,  128,  144,  160,  176,  192,  208,  224,  and  240.  All  other  values  are  rejected. 
The  lower  the  number,  the  higher  the  priority. 


Defaults 


The  default  is  128. 


Command  Modes 


Interface  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SEC 

The  instance-id  range  changed  to  1  to  4094. 

12.2(25)SED 

The  instance-id  range  changed  to  1  to  4094. 

Usage  Guidelines  You  can  assign  higher  priority  values  (lower  numerical  values)  to  interfaces  that  you  want  selected  first 
and  lower  priority  values  (higher  numerical  values)  that  you  want  selected  last.  If  all  interfaces  have  the 
same  priority  value,  the  multiple  spanning  tree  (MST)  puts  the  interface  with  the  lowest  interface  number 
in  the  forwarding  state  and  blocks  other  interfaces. 


Examples  This  example  shows  how  to  increase  the  likelihood  that  the  interface  associated  with  spanning-tree 

instances  20  and  22  is  placed  into  the  forwarding  state  if  a  loop  occurs: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if) #  spanning-tree  mst  20,22  port-priority  0 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  mst  interface  interface-id  privileged 
EXEC  command. 
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Related  Commands      Command  Description 


show  spanning-tree  mst  interface 

Displays  MST  information  for  the  specified  interface. 

interface-id 

spanning-tree  mst  cost 

Sets  the  path  cost  for  MST  calculations. 

spanning-tree  mst  priority 

Sets  the  switch  priority  for  the  specified  spanning-tree 

instance. 
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spanning-tree  mst  pre-standard 


Use  the  spanning-tree  mst  pre-standard  interface  configuration  command  to  configure  a  port  to  send 
only  prestandard  bridge  protocol  data  units  (BPDUs). 

spanning-tree  mst  pre-standard 

no  spanning-tree  mst  pre-standard 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Default        The  default  state  is  automatic  detection  of  prestandard  neighbors. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SED 


This  command  was  introduced. 


Usage  Guidelines 


Note 


The  port  can  accept  both  prestandard  and  standard  BPDUs.  If  the  neighbor  types  are  mismatched,  only 
the  common  and  internal  spanning  tree  (CIST)  runs  on  this  interface. 


If  a  switch  port  is  connected  to  a  switch  running  prestandard  Cisco  IOS  software,  you  must  use  the 
spanning-tree  mst  pre-standard  interface  configuration  command  on  the  port.  If  you  do  not  configure 
the  port  to  send  only  prestandard  BPDUs,  the  Multiple  STP  (MSTP)  performance  might  diminish. 


When  the  port  is  configured  to  automatically  detect  prestandard  neighbors,  the  prestandard  flag  always 
appears  in  the  show  spanning-tree  mst  commands. 


Examples 


This  example  shows  how  to  configure  a  port  to  send  only  prestandard  BPDUs: 

Switch (config-if) #  spanning-tree  mst  pre-standard 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  spanning-tree  mst  instance-id 


Displays  multiple  spanning-tree  (MST)  information, 
including  the  prestandard  flag,  for  the  specified  interface. 
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spanning-tree  mst  priority 

Use  the  spanning-tree  mst  priority  global  configuration  command  to  set  the  switch  priority  for  the 
specified  spanning-tree  instance.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  mst  instance-id  priority  priority 

no  spanning-tree  mst  instance-id  priority 


Syntax  Description 


instance-id  Range  of  spanning-tree  instances.  You  can  specify  a  single  instance,  a  range  of 

instances  separated  by  a  hyphen,  or  a  series  of  instances  separated  by  a  comma.  The 
range  is  0  to  4094. 

priority  Set  the  switch  priority  for  the  specified  spanning-tree  instance.  This  setting  affects 

the  likelihood  that  the  switch  is  selected  as  the  root  switch.  A  lower  value  increases 
the  probability  that  the  switch  is  selected  as  the  root  switch. 

The  range  is  0  to  61440  in  increments  of  4096.  Valid  priority  values  are  0,  4096, 
8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864,  40960,  45056, 49152, 
53248,  57344,  and  61440.  All  other  values  are  rejected. 


Defaults 


The  default  is  32768. 


Command  Modes 


Global  configuration 


Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2(25)SED 

The  instance-id  range  changed  to  1  to  4094. 

Examples  This  example  shows  how  to  set  the  spanning-tree  priority  to  8192  for  multiple  spanning-tree  instances 

(MST)  20  to  21: 

Switch (config) #  spanning-tree  mst  20-21  priority  8192 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  mst  instance-id  privileged  EXEC 
command. 


Related  Commands      Command  Description 


show  spanning-tree  mst  instance-id 

Displays  MST  information  for  the  specified  interface. 

spanning-tree  mst  cost 

Sets  the  path  cost  for  MST  calculations. 

spanning-tree  mst  port-priority 

Configures  an  interface  priority. 
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spanning-tree  mst  root 


Use  the  spanning-tree  mst  root  global  configuration  command  to  configure  the  multiple  spanning-tree 
(MST)  root  switch  priority  and  timers  based  on  the  network  diameter.  Use  the  no  form  of  this  command 
to  return  to  the  default  settings. 

spanning-tree  mst  instance-id  root  {primary  I  secondary}  [diameter  net-diameter 
[hello-time  seconds]] 

no  spanning-tree  mst  instance-id  root 


Syntax  Description  instance-id 


root  primary 


Range  of  spanning-tree  instances.  You  can  specify  a  single  instance,  a  range 
of  instances  separated  by  a  hyphen,  or  a  series  of  instances  separated  by  a 
comma.  The  range  is  0  to  4094. 

Force  this  switch  to  be  the  root  switch. 


root  secondary 
diameter  net-diameter 


hello-time  seconds 


Set  this  switch  to  be  the  root  switch  should  the  primary  root  switch  fail. 

(Optional)  Set  the  maximum  number  of  switches  between  any  two  end 
stations.  The  range  is  2  to  7.  This  keyword  is  available  only  for  MST 
instance  0. 

(Optional)  Set  the  interval  between  hello  bridge  protocol  data  units 
(BPDUs)  sent  by  the  root  switch  configuration  messages.  The  range  is  1  to  10 
seconds.  This  keyword  is  available  only  for  MST  instance  0. 


Defaults 


The  primary  root  switch  priority  is  24576. 
The  secondary  root  switch  priority  is  28672. 
The  hello  time  is  2  seconds. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


12.2(25)SED 


Modification 

This  command  was  introduced. 


The  instance-id  range  changed  tol  to  4094. 


Usage  Guidelines 


Use  the  spanning-tree  mst  instance-id  root  command  only  on  backbone  switches. 

When  you  enter  the  spanning-tree  mst  instance-id  root  command,  the  software  tries  to  set  a  high 
enough  priority  to  make  this  switch  the  root  of  the  spanning-tree  instance.  Because  of  the  extended 
system  ID  support,  the  switch  sets  the  switch  priority  for  the  instance  to  24576  if  this  value  will  cause 
this  switch  to  become  the  root  for  the  specified  instance.  If  any  root  switch  for  the  specified  instance  has 
a  switch  priority  lower  than  24576,  the  switch  sets  its  own  priority  to  4096  less  than  the  lowest  switch 
priority.  (4096  is  the  value  of  the  least-significant  bit  of  a  4-bit  switch  priority  value.) 
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When  you  enter  the  spanning-tree  mst  instance-id  root  secondary  command,  because  of  support  for 
the  extended  system  ID,  the  software  changes  the  switch  priority  from  the  default  value  (32768)  to 
28672.  If  the  root  switch  fails,  this  switch  becomes  the  next  root  switch  (if  the  other  switches  in  the 
network  use  the  default  switch  priority  of  32768  and  are  therefore  unlikely  to  become  the  root  switch). 


Examples  This  example  shows  how  to  configure  the  switch  as  the  root  switch  for  instance  10  with  a  network 

diameter  of  4: 

Switch ( config) #  spanning-tree  mst  10  root  primary  diameter  4 

This  example  shows  how  to  configure  the  switch  as  the  secondary  root  switch  for  instance  10  with  a 
network  diameter  of  4: 

Switch ( config) #  spanning-tree  mst  10  root  secondary  diameter  4 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  mst  instance-id  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  spanning-tree  mst  instance-id       Displays  MST  information  for  the  specified  instance. 

spanning-tree  mst  forward-time  Sets  the  forward-delay  time  for  all  MST  instances. 

spanning-tree  mst  hello-time  Sets  the  interval  between  hello  BPDUs  sent  by  root  switch 

configuration  messages. 

spanning-tree  mst  max-age  Sets  the  interval  between  messages  that  the  spanning  tree 

receives  from  the  root  switch. 

spanning-tree  mst  max-hops  Sets  the  number  of  hops  in  a  region  before  the  BPDU  is 

discarded. 
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spanning-tree  port-priority 


Use  the  spanning-tree  port-priority  interface  configuration  command  to  configure  an  interface 
priority.  If  a  loop  occurs,  spanning  tree  can  find  the  interface  to  put  in  the  forwarding  state.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  [vlan  vlan-id]  port-priority  priority 

no  spanning-tree  [vlan  vlan-id]  port-priority 


Syntax  Description      vlan  vlan-id 


(Optional)  VLAN  range  associated  with  a  spanning-tree  instance.  You  can  specify  a 
single  VLAN  identified  by  VLAN  ID  number,  a  range  of  VLANs  separated  by  a 
hyphen,  or  a  series  of  VLANs  separated  by  a  comma.  The  range  is  1  to  4094. 

priority  Number  from  0  to  240,  in  increments  of  16.  Valid  values  are  0,  16,  32,  48,  64,  80, 

96,  112,  128,  144,  160,  176,  192,  208,  224,  and  240.  All  other  values  are  rejected. 
The  lower  the  number,  the  higher  the  priority. 


Defaults 


The  default  is  128. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  the  variable  vlan-id  is  omitted,  the  command  applies  to  the  spanning-tree  instance  associated  with 
VLAN  1. 

You  can  set  the  priority  on  a  VLAN  that  has  no  interfaces  assigned  to  it.  The  setting  takes  effect  when 
you  assign  the  interface  to  the  VLAN. 

If  you  configure  an  interface  with  both  the  spanning-tree  vlan  vlan-id  port-priority  priority  command 
and  the  spanning-tree  port-priority  priority  command,  the  spanning-tree  vlan  vlan-id  port-priority 

priority  command  takes  effect. 


Examples 


This  example  shows  how  to  increase  the  likelihood  that  a  port  will  be  put  in  the  forwarding  state  if  a  loop 
occurs: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if) #  spanning-tree  vlan  20  port-priority  0 

This  example  shows  how  to  set  the  port-priority  value  on  VLANs  20  to  25 : 

Switch (config-if ) #  spanning-tree  vlan  20-25  port-priority  0 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  interface  interface-id  privileged 
EXEC  command. 
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Related  Commands      Command  Description 

show  spanning-tree  interface  Displays  spanning-tree  information  for  the  specified  interface. 
interface-id 

spanning-tree  cost  Sets  the  path  cost  for  spanning-tree  calculations, 

spanning-tree  vlan  priority  Sets  the  switch  priority  for  the  specified  spanning-tree  instance. 
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spanning-tree  portfast  (global  configuration) 

Use  the  spanning-tree  portfast  global  configuration  command  to  globally  enable  bridge  protocol  data 
unit  (BPDU)  filtering  on  Port  Fast-enabled  interfaces,  the  BPDU  guard  feature  on  Port  Fast-enabled 
interfaces,  or  the  Port  Fast  feature  on  all  nontrunking  interfaces.  The  BPDU  filtering  feature  prevents  the 
switch  interface  from  sending  or  receiving  BPDUs.  The  BPDU  guard  feature  puts  Port  Fast-enabled 
interfaces  that  receive  BPDUs  in  an  error-disabled  state.  Use  the  no  form  of  this  command  to  return  to 
the  default  settings. 

spanning-tree  portfast  { bpdufilter  default  I  bpduguard  default  I  default } 

no  spanning-tree  portfast  { bpdufilter  default  I  bpduguard  default  I  default } 


Syntax  Description      bpdufilter  default        Globally  enable  BPDU  filtering  on  Port  Fast-enabled  interfaces  and  prevent 

the  switch  interface  connected  to  end  stations  from  sending  or  receiving 
BPDUs. 

bpduguard  default       Globally  enable  the  BPDU  guard  feature  on  Port  Fast-enabled  interfaces  and 
place  the  interfaces  that  receive  BPDUs  in  an  error-disabled  state. 

default  Globally  enable  the  Port  Fast  feature  on  all  nontrunking  interfaces.  When  the 

Port  Fast  feature  is  enabled,  the  interface  changes  directly  from  a  blocking 
state  to  a  forwarding  state  without  making  the  intermediate  spanning-tree 
state  changes. 


Defaults  The  BPDU  filtering,  the  BPDU  guard,  and  the  Port  Fast  features  are  disabled  on  all  interfaces  unless  they 

are  individually  configured. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  enable  these  features  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree  plus  (PVST+) 
rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 

Use  the  spanning-tree  portfast  bpdufilter  default  global  configuration  command  to  globally  enable 
BPDU  filtering  on  interfaces  that  are  Port  Fast-enabled  (the  interfaces  are  in  a  Port  Fast-operational 
state).  The  interfaces  still  send  a  few  BPDUs  at  link-up  before  the  switch  begins  to  filter  outbound 
BPDUs.  You  should  globally  enable  BPDU  filtering  on  a  switch  so  that  hosts  connected  to  switch 
interfaces  do  not  receive  BPDUs.  If  a  BPDU  is  received  on  a  Port  Fast-enabled  interface,  the  interface 
loses  its  Port  Fast-operational  status  and  BPDU  filtering  is  disabled. 

You  can  override  the  spanning-tree  portfast  bpdufilter  default  global  configuration  command  by 
using  the  spanning-tree  bdpufilter  interface  configuration  command. 
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A   

Caution      Enabling  BPDU  filtering  on  an  interface  is  the  same  as  disabling  spanning  tree  on  it  and  can  result  in 
spanning-tree  loops. 


Use  the  spanning-tree  portfast  bpduguard  default  global  configuration  command  to  globally  enable 
BPDU  guard  on  interfaces  that  are  in  a  Port  Fast-operational  state.  In  a  valid  configuration,  Port 
Fast-enabled  interfaces  do  not  receive  BPDUs.  Receiving  a  BPDU  on  a  Port  Fast-enabled  interface 
signals  an  invalid  configuration,  such  as  the  connection  of  an  unauthorized  device,  and  the  BPDU  guard 
feature  puts  the  interface  in  the  error-disabled  state.  The  BPDU  guard  feature  provides  a  secure  response 
to  invalid  configurations  because  you  must  manually  put  the  interface  back  in  service.  Use  the  BPDU 
guard  feature  in  a  service-provider  network  to  prevent  an  access  port  from  participating  in  the  spanning 
tree. 

You  can  override  the  spanning-tree  portfast  bpduguard  default  global  configuration  command  by 
using  the  spanning-tree  bdpuguard  interface  configuration  command. 

Use  the  spanning-tree  portfast  default  global  configuration  command  to  globally  enable  the  Port  Fast 
feature  on  all  nontrunking  interfaces.  Configure  Port  Fast  only  on  interfaces  that  connect  to  end  stations; 
otherwise,  an  accidental  topology  loop  could  cause  a  data  packet  loop  and  disrupt  switch  and  network 
operation.  A  Port  Fast-enabled  interface  moves  directly  to  the  spanning-tree  forwarding  state  when 
linkup  occurs  without  waiting  for  the  standard  forward-delay  time. 

You  can  override  the  spanning-tree  portfast  default  global  configuration  command  by  using  the 
spanning-tree  portfast  interface  configuration  command.  You  can  use  the  no  spanning-tree  portfast 
default  global  configuration  command  to  disable  Port  Fast  on  all  interfaces  unless  they  are  individually 
configured  with  the  spanning-tree  portfast  interface  configuration  command. 


Examples  This  example  shows  how  to  globally  enable  the  BPDU  filtering  feature: 

Switch ( config) #  spanning-tree  portfast  bpdufilter  default 

This  example  shows  how  to  globally  enable  the  BPDU  guard  feature: 

Switch (config) #  spanning-tree  portfast  bpduguard  default 

This  example  shows  how  to  globally  enable  the  Port  Fast  feature  on  all  nontrunking  interfaces: 

Switch ( config) #  spanning-tree  portfast  default 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  running-config  Displays  the  current  operating  configuration.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management 
Commands  >  Configuration  File  Management  Commands. 

spanning-tree  bpdufilter  Prevents  an  interface  from  sending  or  receiving  BPDUs. 

spanning-tree  bpduguard  Puts  an  interface  in  the  error-disabled  state  when  it  receives  a 

BPDU. 

spanning-tree  portfast  (interface  Enables  the  Port  Fast  feature  on  an  interface  in  all  its  associated 
configuration)  VLANs. 
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spanning-tree  portfast  (interface  configuration) 


Use  the  spanning-tree  portfast  interface  configuration  command  to  enable  the  Port  Fast  feature  on  an 
interface  in  all  its  associated  VLANs.  When  the  Port  Fast  feature  is  enabled,  the  interface  changes 
directly  from  a  blocking  state  to  a  forwarding  state  without  making  the  intermediate  spanning-tree  state 
changes.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  portfast  [disable  I  trunk] 

no  spanning-tree  portfast 


Syntax  Description  disable 


trunk 


(Optional)  Disable  the  Port  Fast  feature  on  the  specified  interface. 


(Optional)  Enable  the  Port  Fast  feature  on  a  trunking  interface. 


Defaults 


The  Port  Fast  feature  is  disabled  on  all  interfaces;  however,  it  is  automatically  enabled  on 
dynamic-access  ports. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Use  this  feature  only  on  interfaces  that  connect  to  end  stations;  otherwise,  an  accidental  topology  loop 
could  cause  a  data  packet  loop  and  disrupt  switch  and  network  operation. 

To  enable  Port  Fast  on  trunk  ports,  you  must  use  the  spanning-tree  portfast  trunk  interface 
configuration  command.  The  spanning-tree  portfast  command  is  not  supported  on  trunk  ports. 

You  can  enable  this  feature  when  the  switch  is  operating  in  the  per-VLAN  spanning-tree  plus  (PVST+), 
rapid-PVST+,  or  the  multiple  spanning-tree  (MST)  mode. 

This  feature  affects  all  VLANs  on  the  interface. 

An  interface  with  the  Port  Fast  feature  enabled  is  moved  directly  to  the  spanning-tree  forwarding  state 
without  the  standard  forward-time  delay. 

You  can  use  the  spanning-tree  portfast  default  global  configuration  command  to  globally  enable  the 
Port  Fast  feature  on  all  nontrunking  interfaces.  However,  the  spanning-tree  portfast  interface 
configuration  command  can  override  the  global  setting. 

If  you  configure  the  spanning-tree  portfast  default  global  configuration  command,  you  can  disable 
Port  Fast  on  an  interface  that  is  not  a  trunk  interface  by  using  the  spanning-tree  portfast  disable 
interface  configuration  command. 
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Examples  This  example  shows  how  to  enable  the  Port  Fast  feature  on  a  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch ( config-if ) #  spanning-tree  portfast 

You  can  verify  your  settings  by  entering  the  show  running-config  privileged  EXEC  command. 


Related  Commands  Command 


Description 


show  running-config 


Displays  the  current  operating  configuration.  For  syntax 
information,  select  Cisco  IOS  Configuration  Fundamentals 
Command  Reference,  Release  12.2  >  File  Management  Commands 
>  Configuration  File  Management  Commands. 


spanning-tree  bpdufilter 

spanning-tree  bpduguard 

spanning-tree  portfast  (global 
configuration) 


Prevents  an  interface  from  sending  or  receiving  bridge  protocol  data 
units  (BPDUs). 

Puts  an  interface  in  the  error-disabled  state  when  it  receives  a 
BPDU. 

Globally  enables  the  BPDU  filtering  or  the  BPDU  guard  feature  on 
Port  Fast-enabled  interfaces  or  enables  the  Port  Fast  feature  on  all 
nontrunking  interfaces. 
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spanning-tree  transmit  hold-count 


Use  the  spanning-tree  transmit  hold-count  global  configuration  command  to  configure  the  number  of 
bridge  protocol  data  units  (BPDUs)  sent  every  second.  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

spanning-tree  transmit  hold-count  [value] 

no  spanning-tree  transmit  hold-count  [value] 


Syntax  Description  value 


(Optional)  Number  of  BPDUs  sent  every  second.  The  range  is  1  to  20. 


Defaults 


The  default  is  6. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SED 


Modification 

This  command  was  introduced. 


Usage  Guidelines        Increasing  the  transmit  hold-count  value  can  have  a  significant  impact  on  CPU  utilization  when  the 

switch  is  in  rapid-per-VLAN  spanning-tree  plus  (rapid-PVST+)  mode.  Decreasing  this  value  might  slow 
down  convergence.  We  recommend  using  the  default  setting. 


Examples 


This  example  shows  how  to  set  the  transmit  hold  count  to  8: 

Switch (config) #  spanning-tree  transmit  hold-count  8 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  mst  privileged  EXEC  command. 


Related  Commands 


Command 

show  spanning-tree  mst 


Description 

Displays  the  multiple  spanning-tree  (MST)  region  configuration 
and  status,  including  the  transmit  hold  count. 
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spanning-tree  uplinkfast 


Use  the  spanning-tree  uplinkfast  global  configuration  command  to  accelerate  the  choice  of  a  new  root 
port  when  a  link  or  switch  fails  or  when  the  spanning  tree  reconfigures  itself.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

spanning-tree  uplinkfast  [max-update-rate  pkts-per-second] 

no  spanning-tree  uplinkfast  [max-update-rate] 


Syntax  Description      max-update-rate  pkts-per-second 


(Optional)  The  number  of  packets  per  second  at  which  update 
packets  are  sent.  The  range  is  0  to  32000. 


Defaults 


UplinkFast  is  disabled. 

The  update  rate  is  150  packets  per  second. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Use  this  command  only  on  access  switches. 

You  can  configure  the  UplinkFast  feature  for  rapid  PVST+  or  for  multiple  spanning-tree  (MST)  mode, 
but  the  feature  remains  disabled  (inactive)  until  you  change  the  spanning-tree  mode  to  PVST+. 

When  you  enable  UplinkFast,  it  is  enabled  for  the  entire  switch  and  cannot  be  enabled  for  individual 
VLANs. 

When  UplinkFast  is  enabled,  the  switch  priority  of  all  VLANs  is  set  to  49152.  If  you  change  the  path 
cost  to  a  value  less  than  3000  and  you  enable  UplinkFast  or  UplinkFast  is  already  enabled,  the  path  cost 
of  all  interfaces  and  VLAN  trunks  is  increased  by  3000  (if  you  change  the  path  cost  to  3000  or  above, 
the  path  cost  is  not  altered).  The  changes  to  the  switch  priority  and  the  path  cost  reduces  the  chance  that 
a  switch  will  become  the  root  switch. 

When  UplinkFast  is  disabled,  the  switch  priorities  of  all  VLANs  and  path  costs  of  all  interfaces  are  set 
to  default  values  if  you  did  not  modify  them  from  their  defaults. 

When  spanning  tree  detects  that  the  root  port  has  failed,  UplinkFast  immediately  changes  to  an  alternate 
root  port,  changing  the  new  root  port  directly  to  forwarding  state.  During  this  time,  a  topology  change 
notification  is  sent. 
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Do  not  enable  the  root  guard  on  interfaces  that  will  be  used  by  the  UplinkFast  feature.  With  UplinkFast, 
the  backup  interfaces  (in  the  blocked  state)  replace  the  root  port  in  the  case  of  a  failure.  However,  if  root 
guard  is  also  enabled,  all  the  backup  interfaces  used  by  the  UplinkFast  feature  are  placed  in  the 
root-inconsistent  state  (blocked)  and  prevented  from  reaching  the  forwarding  state. 

If  you  set  the  max-update-rate  to  0,  station-learning  frames  are  not  generated,  so  the  spanning-tree 
topology  converges  more  slowly  after  a  loss  of  connectivity. 


Switch (config) #  spanning-tree  uplinkfast 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  summary  privileged  EXEC  command. 


Examples 


This  example  shows  how  to  enable  UplinkFast: 


Related  Commands 


Command  Description 


show  spanning-tree  summary  Displays  a  summary  of  the  spanning-tree  interface  states. 


spanning-tree  vlan  root  primary      Forces  this  switch  to  be  the  root  switch. 
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spanning-tree  vlan 

Use  the  spanning-tree  vlan  global  configuration  command  to  configure  spanning  tree  on  a  per- VLAN 
basis.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

spanning-tree  vlan  vlan-id  [forward-time  seconds  I  hello-time  seconds  I  max-age  seconds  I 
priority  priority  I  root  {primary  I  secondary}  [diameter  net-diameter 
[hello-time  seconds]]] 

no  spanning-tree  vlan  vlan-id  [forward-time  I  hello-time  I  max-age  I  priority  I  root] 


Syntax  Description       vlan-id  VLAN  range  associated  with  a  spanning-tree  instance.  You  can  specify  a 

single  VLAN  identified  by  VLAN  ID  number,  a  range  of  VLANs  separated 
by  a  hyphen,  or  a  series  of  VLANs  separated  by  a  comma.  The  range  is  1  to 
4094. 

forward-time  seconds       (Optional)  Set  the  forward-delay  time  for  the  specified  spanning-tree 

instance.  The  forwarding  time  specifies  how  long  each  of  the  listening  and 
learning  states  last  before  the  interface  begins  forwarding.  The  range  is  4  to 
30  seconds. 

hello-time  seconds  (Optional)  Set  the  interval  between  hello  bridge  protocol  data  units 

(BPDUs)  sent  by  the  root  switch  configuration  messages.  The  range  is  1  to  10 
seconds. 

max-age  seconds  (Optional)  Set  the  interval  between  messages  the  spanning  tree  receives 

from  the  root  switch.  If  a  switch  does  not  receive  a  BPDU  message  from  the 
root  switch  within  this  interval,  it  recomputes  the  spanning-tree  topology. 
The  range  is  6  to  40  seconds. 

priority  priority  (Optional)  Set  the  switch  priority  for  the  specified  spanning-tree  instance. 

This  setting  affects  the  likelihood  that  this  switch  is  selected  as  the  root 
switch.  A  lower  value  increases  the  probability  that  the  switch  is  selected 
as  the  root  switch. 


The  range  is  0  to  61440  in  increments  of  4096.  Valid  priority  values  are 
4096,  8192,  12288,  16384, 20480, 24576,  28672,  32768,  36864, 40960, 
45056,  49152,  53248,  57344,  and  61440.  All  other  values  are  rejected. 


root  primary 

(Optional)  Force  this  switch  to  be  the  root  switch. 

root  secondary 

(Optional)  Set  this  switch  to  be  the  root  switch  should  the  primary  root 

switch  fail. 

diameter  net-diameter 

(Optional)  Set  the  maximum  number  of  switches  between  any  two  end 

stations.  The  range  is  2  to  7. 

Defaults  Spanning  tree  is  enabled  on  all  VLANs. 

The  forward-delay  time  is  15  seconds. 

The  hello  time  is  2  seconds. 

The  max-age  is  20  seconds. 

The  primary  root  switch  priority  is  24576. 

The  secondary  root  switch  priority  is  28672. 
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spanning-tree  vlan  HI 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        Disabling  the  STP  causes  the  VLAN  to  stop  participating  in  the  spanning-tree  topology.  Interfaces  that 
are  administratively  down  remain  down.  Received  BPDUs  are  forwarded  like  other  multicast  frames. 
The  VLAN  does  not  detect  and  prevent  loops  when  STP  is  disabled. 

You  can  disable  the  STP  on  a  VLAN  that  is  not  currently  active  and  verify  the  change  by  using  the  show 
running-config  or  the  show  spanning-tree  vlan  vlan-id  privileged  EXEC  command.  The  setting  takes 
effect  when  the  VLAN  is  activated. 

When  disabling  or  re-enabling  the  STP,  you  can  specify  a  range  of  VLANs  that  you  want  to  disable  or 
enable. 

When  a  VLAN  is  disabled  and  then  enabled,  all  assigned  VLANs  continue  to  be  its  members.  However, 
all  spanning-tree  bridge  parameters  are  returned  to  their  previous  settings  (the  last  setting  before  the 
VLAN  was  disabled). 

You  can  enable  spanning-tree  options  on  a  VLAN  that  has  no  interfaces  assigned  to  it.  The  setting  takes 
effect  when  you  assign  interfaces  to  it. 

When  setting  the  max-age  seconds,  if  a  switch  does  not  receive  BPDUs  from  the  root  switch  within  the 
specified  interval,  it  recomputes  the  spanning-tree  topology.  The  max-age  setting  must  be  greater  than 
the  hello-time  setting. 

The  spanning-tree  vlan  vlan-id  root  command  should  be  used  only  on  backbone  switches. 

When  you  enter  the  spanning-tree  vlan  vlan-id  root  command,  the  software  checks  the  switch  priority 
of  the  current  root  switch  for  each  VLAN.  Because  of  the  extended  system  ID  support,  the  switch  sets 
the  switch  priority  for  the  specified  VLAN  to  24576  if  this  value  will  cause  this  switch  to  become  the 
root  for  the  specified  VLAN.  If  any  root  switch  for  the  specified  VLAN  has  a  switch  priority  lower  than 
24576,  the  switch  sets  its  own  priority  for  the  specified  VLAN  to  4096  less  than  the  lowest  switch 
priority.  (4096  is  the  value  of  the  least-significant  bit  of  a  4-bit  switch  priority  value.) 

When  you  enter  the  spanning-tree  vlan  vlan-id  root  secondary  command,  because  of  support  for  the 
extended  system  ID,  the  software  changes  the  switch  priority  from  the  default  value  (32768)  to  28672. 
If  the  root  switch  should  fail,  this  switch  becomes  the  next  root  switch  (if  the  other  switches  in  the 
network  use  the  default  switch  priority  of  32768,  and  therefore,  are  unlikely  to  become  the  root  switch). 


Examples  This  example  shows  how  to  disable  the  STP  on  VLAN  5: 

Switch (config) #  no  spanning-tree  vlan  5 

You  can  verify  your  setting  by  entering  the  show  spanning-tree  privileged  EXEC  command.  In  this 
instance,  VLAN  5  does  not  appear  in  the  list. 

This  example  shows  how  to  set  the  spanning-tree  forwarding  time  to  18  seconds  for  VLANs  20  and  25: 

Switch (config) #  spanning-tree  vlan  20,25  forward-time  18 

This  example  shows  how  to  set  the  spanning-tree  hello-delay  time  to  3  seconds  for  VLANs  20  to  24: 

Switch (config) #  spanning-tree  vlan  20-24  hello-time  3 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  Blade  System  Command  Reference  Guide  j 


2-511 


I     spanning-tree  vlan 


Chapter  2   CGESM  Switch  Cisco  IPS  Commands  | 


This  example  shows  how  to  set  spanning-tree  max-age  to  30  seconds  for  VLAN  20: 

Switch (config) #  spanning-tree  vlan  20  max-age  30 

This  example  shows  how  to  reset  the  max-age  parameter  to  the  default  value  for  spanning-tree 
instance  100  and  105  to  108: 

Switch (config) #  no  spanning-tree  vlan  100,   105-108  max-age 

This  example  shows  how  to  set  the  spanning-tree  priority  to  8192  for  VLAN  20: 

Switch (config) #  spanning-tree  vlan  20  priority  8192 

This  example  shows  how  to  configure  the  switch  as  the  root  switch  for  VLAN  10  with  a  network 
diameter  of  4: 

Switch (config) #  spanning-tree  vlan  10  root  primary  diameter  4 

This  example  shows  how  to  configure  the  switch  as  the  secondary  root  switch  for  VLAN  10  with  a 
network  diameter  of  4: 

Switch (config) #  spanning-tree  vlan  10  root  secondary  diameter  4 

You  can  verify  your  settings  by  entering  the  show  spanning-tree  vlan  vlan-id  privileged  EXEC 
command. 


Related  Commands      Command  Description 


show  spanning-tree  vlan 

Displays  spanning-tree  information. 

spanning-tree  cost 

Sets  the  path  cost  for  spanning-tree  calculations. 

spanning-tree  guard 

Enables  the  root  guard  or  the  loop  guard  feature  for  all  the  VLANs 

associated  with  the  selected  interface. 

spanning-tree  port-priority 

Sets  an  interface  priority. 

spanning-tree  portfast  (global 

Globally  enables  the  BPDU  filtering  or  the  BPDU  guard  feature  on 

configuration) 

Port  Fast-enabled  interfaces  or  enables  the  Port  Fast  feature  on  all 

nontrunking  interfaces. 

spanning-tree  portfast 

Enables  the  Port  Fast  feature  on  an  interface  in  all  its  associated 

(interface  configuration) 

VLANs. 

spanning-tree  uplinkfast 

Enables  the  UplinkFast  feature,  which  accelerates  the  choice  of  a 

new  root  port. 
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speed 

Use  the  speed  interface  configuration  command  to  specify  the  speed  of  a  10/100  Mb/s  or 
10/100/1000  Mb/s  port.  Use  the  no  or  default  form  of  this  command  to  return  the  port  to  its  default 
value. 

speed  {10  I  100  I  1000  I  auto  [10  I  100  I  1000]  I  nonegotiate} 
no  speed 


Syntax  Description      10  Port  runs  at  10  Mb/s. 


100 

Port  runs  at  100  Mb/s. 

1000 

Port  runs  at  1000  Mb/s.  This  option  is  valid  and  visible  only  on  10/100/1000 

Mb/s-ports. 

auto 

Port  automatically  detects  the  speed  it  should  run  at  based  on  the  port  at  the  other 

end  of  the  link.  If  you  use  the  10, 100,  or  1000  keywords  with  the  auto  keyword,  the 

port  only  autonegotiates  at  the  specified  speeds. 

nonegotiate 

Autonegotiation  is  disabled,  and  the  port  runs  at  1000  Mb/s.  (The  1000BASE-T  SFP 

does  not  support  the  nonegotiate  keyword.) 

Defaults  The  default  is  auto. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1         This  command  was  introduced. 


Usage  Guidelines       Except  for  the  1000BASE-T  SFP  modules,  if  an  SFP  module  port  is  connected  to  a  device  that  does  not 
support  autonegotiation,  you  can  configure  the  speed  to  not  negotiate  (nonegotiate). 

If  the  speed  is  set  to  auto,  the  switch  negotiates  with  the  device  at  the  other  end  of  the  link  for  the  speed 
setting  and  then  forces  the  speed  setting  to  the  negotiated  value.  The  duplex  setting  remains  as 
configured  on  each  end  of  the  link,  which  could  result  in  a  duplex  setting  mismatch. 

If  both  ends  of  the  line  support  autonegotiation,  we  highly  recommend  the  default  autonegotiation 
settings.  If  one  interface  supports  autonegotiation  and  the  other  end  does  not,  do  use  the  auto  setting  on 
the  supported  side,  but  set  the  duplex  and  speed  on  the  other  side. 

A   

Caution      Changing  the  interface  speed  and  duplex  mode  configuration  might  shut  down  and  re-enable  the 
interface  during  the  reconfiguration. 


For  guidelines  on  setting  the  switch  speed  and  duplex  parameters,  see  the  "Configuring  Interface 
Characteristics"  chapter  in  the  software  configuration  guide  for  this  release. 
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Examples 


This  example  shows  how  to  set  the  speed  on  a  port  to  100  Mb/s: 


Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  speed  100 

This  example  shows  how  to  set  a  port  to  autonegotiate  at  only  10  Mb/s: 

Switch (config) #  interface  gigabitethernetO/1 

Switch ( config-if ) #  speed  auto  10 

This  example  shows  how  to  set  a  port  to  autonegotiate  at  only  10  or  100  Mb/s: 

Switch (config) #  interface  gigabitethernetO/l 
Switch (config-if ) #  speed  auto  10  100 

You  can  verify  your  settings  by  entering  the  show  interfaces  privileged  EXEC  command. 


Related  Commands 


Command 


Description 


duplex 


Specifies  the  duplex  mode  of  operation. 


show  interfaces 


Displays  the  statistical  information  specific  to  all  interfaces  or  to  a  specific 
interface. 
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srr-queue  bandwidth  limit 


Use  the  srr-queue  bandwidth  limit  interface  configuration  command  to  limit  the  maximum  output  on 
a  port.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

srr-queue  bandwidth  limit  weightl 

no  srr-queue  bandwidth  limit 


Syntax  Description  weightl 


Percentage  of  the  port  speed  to  which  the  port  should  be  limited.  The  range  is  10  to  90. 


Defaults 


The  port  is  not  rate  limited  and  is  set  to  100  percent. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


If  you  configure  this  command  to  80  percent,  the  port  is  idle  20  percent  of  the  time.  The  line  rate  drops 
to  80  percent  of  the  connected  speed.  These  values  are  not  exact  because  the  hardware  adjusts  the  line 
rate  in  increments  of  six. 


Note 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  quality 
of  service  (QoS)  solution. 


Examples  This  example  shows  how  to  limit  a  port  to  800  Mb/s: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  srr-queue  bandwidth  limit  80 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface-id]  queueing  privileged 
EXEC  command. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  Blade  System  Command  Reference  Guide  j 


2-515 


M     srr-queue  bandwidth  limit 


Chapter  2   CGESM  Switch  Cisco  IPS  Commands  | 


Related  Commands      Command  Description 

mis  qos  queue-set  output  buffers       Allocates  buffers  to  the  queue-set. 

mis  qos  srr-queue  output  cos-map      Maps  class  of  service  (CoS)  values  to  egress  queue  or  maps 

CoS  values  to  a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  dscp-map    Maps  Differentiated  Services  Code  Point  (DSCP)  values  to  an 

egress  queue  or  maps  DSCP  values  to  a  queue  and  to  a 
threshold  ID. 

mis  qos  queue-set  output  threshold    Config  ures  the  weighted  tail-drop  (WTD)  thresholds, 

guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  for  the  queue-set. 

queue-set  Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  queueing        Displays  QoS  information. 

srr-queue  bandwidth  shape  Assigns  the  shaped  weights  and  enables  bandwidth  shaping  on 

the  four  egress  queues  mapped  to  a  port. 

srr-queue  bandwidth  share  Assigns  the  shared  weights  and  enables  bandwidth  sharing  on 

the  four  egress  queues  mapped  to  a  port. 
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srr-queue  bandwidth  shape 


Use  the  srr-queue  bandwidth  shape  interface  configuration  command  to  assign  the  shaped  weights  and 
to  enable  bandwidth  shaping  on  the  four  egress  queues  mapped  to  a  port.  Use  the  no  form  of  this 
command  to  return  to  the  default  setting. 

srr-queue  bandwidth  shape  weightl  weight2  weight3  weight4 

no  srr-queue  bandwidth  shape 


Syntax  Description 


weightl  weight2 
weight3  weight4 


Specify  the  weights  to  specify  the  percentage  of  the  port  that  is  shaped.  The 
inverse  ratio  (l/weight)  specifies  the  shaping  bandwidth  for  this  queue. 
Separate  each  value  with  a  space.  The  range  is  0  to  65535. 


Defaults 


Weightl  is  set  to  25.  Weight2,  weight3,  and  weight4  are  set  to  0,  and  these  queues  are  in  shared  mode. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


X 

Note 


In  shaped  mode,  the  queues  are  guaranteed  a  percentage  of  the  bandwidth,  and  they  are  rate-limited  to 
that  amount.  Shaped  traffic  does  not  use  more  than  the  allocated  bandwidth  even  if  the  link  is  idle.  Use 
shaping  to  smooth  bursty  traffic  or  to  provide  a  smoother  output  over  time. 

The  shaped  mode  overrides  the  shared  mode. 

If  you  configure  a  shaped  queue  weight  to  0  by  using  the  srr-queue  bandwidth  shape  interface 
configuration  command,  this  queue  participates  in  shared  mode.  The  weight  specified  with  the 
srr-queue  bandwidth  shape  command  is  ignored,  and  the  weights  specified  with  the  srr-queue 
bandwidth  share  interface  configuration  command  for  a  queue  come  into  effect. 

When  configuring  queues  for  the  same  port  for  both  shaping  and  sharing,  make  sure  that  you  configure 
the  lowest  numbered  queue  for  shaping. 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  QoS 
solution. 
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Examples  This  example  shows  how  to  configure  the  queues  for  the  same  port  for  both  shaping  and  sharing.  Because 

the  weight  ratios  for  queues  2,  3,  and  4  are  set  to  0,  these  queues  operate  in  shared  mode.  The  bandwidth 
weight  for  queue  1  is  1/8,  which  is  12.5  percent.  Queue  1  is  guaranteed  this  bandwidth  and  limited  to  it; 
it  does  not  extend  its  slot  to  the  other  queues  even  if  the  other  queues  have  no  traffic  and  are  idle.  Queues 
2,  3,  and  4  are  in  shared  mode,  and  the  setting  for  queue  1  is  ignored.  The  bandwidth  ratio  allocated  for 
the  queues  in  shared  mode  is  4/(4+4+4),  which  is  33  percent: 

Switch ( config) #  interface  gigabitethernetO/1 

Switch (config-if) #  srr-queue  bandwidth  shape  8  0  0  0 

Switch ( config-if ) #  srr-queue  bandwidth  share  4  4  4  4 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface -id]  queueing  privileged 
EXEC  command. 


Related  Commands      Command  Description 

mis  qos  queue-set  output  buffers       Allocates  buffers  to  a  queue-set. 

mis  qos  srr-queue  output  cos-map      Maps  class  of  service  (CoS)  values  to  an  egress  queue  or  maps 

CoS  values  to  a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  dscp-map    Maps  Differentiated  Services  Code  Point  (DSCP)  values  to  an 

egress  queue  or  maps  DSCP  values  to  a  queue  and  to  a 
threshold  ID. 

mis  qos  queue-set  output  threshold    Config  ures  the  weighted  tail-drop  (WTD)  thresholds, 

guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  to  a  queue-set. 

priority- queue  Enables  the  egress  expedite  queue  on  a  port. 

queue-set  Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  queueing        Displays  quality  of  service  (QoS)  information. 

srr-queue  bandwidth  share  Assigns  the  shared  weights  and  enables  bandwidth  sharing  on 

the  four  egress  queues  mapped  to  a  port. 
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srr-queue  bandwidth  share 


Use  the  srr-queue  bandwidth  share  interface  configuration  command  switch  to  assign  the  shared 
weights  and  to  enable  bandwidth  sharing  on  the  four  egress  queues  mapped  to  a  port.  The  ratio  of  the 
weights  is  the  ratio  of  frequency  in  which  the  shaped  round  robin  (SRR)  scheduler  dequeues  packets 
from  each  queue.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

srr-queue  bandwidth  share  weightl  weight!  weight3  weight4 

no  srr-queue  bandwidth  share 


Syntax  Description 


weightl  weight2 
weight3  weight4 


The  ratios  of  weightl,  weightl,  weight3,  and  weight4  specify  the  ratio  of  the 
frequency  in  which  the  SRR  scheduler  dequeues  packets.  Separate  each  value 
with  a  space.  The  range  is  1  to  255. 


Defaults 


Weightl,  weight2,  weight3,  and  weight4  are  25  (1/4  of  the  bandwidth  is  allocated  to  each  queue). 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  absolute  value  of  each  weight  is  meaningless,  and  only  the  ratio  of  parameters  is  used. 

In  shared  mode,  the  queues  share  the  bandwidth  among  them  according  to  the  configured  weights.  The 
bandwidth  is  guaranteed  at  this  level  but  not  limited  to  it.  For  example,  if  a  queue  empties  and  does  not 
require  a  share  of  the  link,  the  remaining  queues  can  expand  into  the  unused  bandwidth  and  share  it 
among  themselves. 

If  you  configure  a  shaped  queue  weight  to  0  by  using  the  srr-queue  bandwidth  shape  interface 
configuration  command,  this  queue  participates  in  SRR  shared  mode.  The  weight  specified  with  the 
srr-queue  bandwidth  shape  command  is  ignored,  and  the  weights  specified  with  the  srr-queue 
bandwidth  share  interface  configuration  command  for  a  queue  take  effect. 

When  configuring  queues  for  the  same  port  for  both  shaping  and  sharing,  make  sure  that  you  configure 
the  lowest  numbered  queue  for  shaping. 


Note 


The  egress  queue  default  settings  are  suitable  for  most  situations.  You  should  change  them  only  when 
you  have  a  thorough  understanding  of  the  egress  queues  and  if  these  settings  do  not  meet  your  QoS 
solution. 
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Examples  This  example  shows  how  to  configure  the  weight  ratio  of  the  SRR  scheduler  running  on  an  egress  port. 

Four  queues  are  used.  The  bandwidth  ratio  allocated  for  each  queue  in  shared  mode  is  1/(1+2+3+4), 
2/(1+2+3+4),  3/(1+2+3+4),  and  4/(1+2+3+4),  which  is  10  percent,  20  percent,  30  percent,  and  40 
percent  for  queues  1,  2,  3,  and  4.  This  means  that  queue  4  has  four  times  the  bandwidth  of  queue  1,  twice 
the  bandwidth  of  queue  2,  and  one-and-a-third  times  the  bandwidth  of  queue  3. 

Switch (config) #  interface  gigabitethernetO/1 

Switch ( config-if ) #  srr-queue  bandwidth  share  12  3  4 

You  can  verify  your  settings  by  entering  the  show  mis  qos  interface  [interface -id]  queueing  privileged 
EXEC  command. 


Related  Commands      Command  Description 

mis  qos  queue-set  output  buffers       Allocates  buffers  to  a  queue-set. 

mis  qos  srr-queue  output  cos-map      Maps  class  of  service  (CoS)  values  to  an  egress  queue  or  maps 

CoS  values  to  a  queue  and  to  a  threshold  ID. 

mis  qos  srr-queue  output  dscp-map    Maps  Differentiated  Services  Code  Point  (DSCP)  values  to  an 

egress  queue  or  maps  DSCP  values  to  a  queue  and  to  a 
threshold  ID. 

mis  qos  queue-set  output  threshold    Config  ures  the  weighted  tail-drop  (WTD)  thresholds, 

guarantees  the  availability  of  buffers,  and  configures  the 
maximum  memory  allocation  to  a  queue-set. 

priority- queue  Enables  the  egress  expedite  queue  on  a  port. 

queue-set  Maps  a  port  to  a  queue-set. 

show  mis  qos  interface  queueing        Displays  quality  of  service  (QoS)  information. 

srr-queue  bandwidth  shape  Assigns  the  shaped  weights  and  enables  bandwidth  shaping  on 

the  four  egress  queues  mapped  to  a  port. 
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storm-control 

Use  the  storm-control  interface  configuration  command  to  enable  broadcast,  multicast,  or  unicast  storm 
control  and  to  set  threshold  levels  on  an  interface.  Use  the  no  form  of  this  command  to  return  to  the 
default  setting. 

storm-control  { {broadcast  I  multicast  I  unicast}  level  {level  [level-low]  I  bps  bps  [bps-low]  I  pps 
pps  [pps -low] } }  I  {action  {shutdown  I  trap}} 

no  storm-control  { {broadcast  I  multicast  I  unicast}  level}  I  {action  {shutdown  I  trap} } 


Syntax  Description      broadcast  Enable  broadcast  storm  control  on  the  interface. 


multicast 

Enable  multicast  storm  control  on  the  interface. 

unicast 

Enable  unicast  storm  control  on  the  interface. 

level  level  Specify  the  rising  and  falling  suppression  levels  as  a  percentage  of  total  bandwidth 

[level-low]  of  the  port. 


•  level — Rising  suppression  level,  up  to  two  decimal  places.  The  range  is  0.00  to 
100.00.  Block  the  flooding  of  storm  packets  when  the  value  specified  for  level 
is  reached. 

•  level-low — (Optional)  Falling  suppression  level,  up  to  two  decimal  places.  The 
range  is  0.00  to  100.00.  This  value  must  be  less  than  or  equal  to  the  rising 
suppression  value.  If  you  do  not  configure  a  falling  suppression  level,  it  is  set  to 
the  rising  suppression  level. 

Specify  the  rising  and  falling  suppression  levels  as  a  rate  in  bits  per  second  at  which 
traffic  is  received  on  the  port. 

•  bps — Rising  suppression  level,  up  to  1  decimal  place.  The  range  is  0.0  to 
10000000000.0.  Block  the  flooding  of  storm  packets  when  the  value  specified 
for  bps  is  reached. 

•  bps-low — (Optional)  Falling  suppression  level,  up  to  1  decimal  place.  The  range 
is  0.0  to  10000000000.0.  This  value  must  be  equal  to  or  less  than  the  rising 
suppression  value. 

You  can  use  metric  suffixes  such  as  k,  m,  and  g  for  large  number  thresholds. 


level  bps  bps 

[bps-low] 
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level  pps  pps 

[pps-low] 


action 
{shutdown  I 
trap} 


Specify  the  rising  and  falling  suppression  levels  as  a  rate  in  packets  per  second  at 
which  traffic  is  received  on  the  port. 

•  pps — Rising  suppression  level,  up  to  1  decimal  place.  The  range  is  0.0  to 
10000000000.0.  Block  the  flooding  of  storm  packets  when  the  value  specified 
for  pps  is  reached. 

•  pps-low — (Optional)  Falling  suppression  level,  up  to  1  decimal  place.  The  range 
is  0.0  to  10000000000.0.  This  value  must  be  equal  to  or  less  than  the  rising 
suppression  value. 

You  can  use  metric  suffixes  such  as  k,  m,  and  g  for  large  number  thresholds. 

Action  taken  when  a  storm  occurs  on  a  port.  The  default  action  is  to  filter  traffic  and 
to  not  send  an  Simple  Network  Management  Protocol  (SNMP)  trap. 

The  keywords  have  these  meanings: 

•  shutdown — Disables  the  port  during  a  storm. 

•  trap — Sends  an  SNMP  trap  when  a  storm  occurs. 


Defaults 


Broadcast,  multicast,  and  unicast  storm  control  are  disabled. 

The  default  action  is  to  filter  traffic  and  to  not  send  an  SNMP  trap. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Storm  control  is  supported  only  on  physical  interfaces.  It  is  not  supported  on  EtherChannel  port 
channels,  even  though  it  is  available  in  the  command-line  interface  (CLI). 

The  storm-control  suppression  level  can  be  entered  as  a  percentage  of  total  bandwidth  of  the  port,  as  a 
rate  in  packets  per  second  at  which  traffic  is  received,  or  as  a  rate  in  bits  per  second  at  which  traffic  is 
received. 

When  specified  as  a  percentage  of  total  bandwidth,  a  suppression  value  of  100  percent  means  that  no 
limit  is  placed  on  the  specified  traffic  type.  A  value  of  level  0  0  means  that  all  broadcast,  multicast,  or 
unicast  traffic  on  that  port  is  blocked.  Storm  control  is  enabled  only  when  the  rising  suppression  level  is 
less  than  100  percent.  If  no  other  storm-control  configuration  is  specified,  the  default  action  is  to  filter 
the  traffic  causing  the  storm  and  to  send  no  SNMP  traps. 


Note 


When  the  storm  control  threshold  for  multicast  traffic  is  reached,  all  multicast  traffic  except  control 
traffic,  such  as  bridge  protocol  data  unit  (BDPU)  and  Cisco  Discovery  Protocol  (CDP)  frames,  are 
blocked. 


The  trap  and  shutdown  options  are  independent  of  each  other. 
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If  you  configure  the  action  to  be  taken  as  shutdown  (the  port  is  error-disabled  during  a  storm)  when  a 
packet  storm  is  detected,  you  must  use  the  no  shutdown  interface  configuration  command  to  bring  the 
interface  out  of  this  state.  If  you  do  not  specify  the  shutdown  action,  specify  the  action  as  trap  (the 
switch  generates  a  trap  when  a  storm  is  detected). 

When  a  storm  occurs  and  the  action  is  to  filter  traffic,  if  the  falling  suppression  level  is  not  specified,  the 
switch  blocks  all  traffic  until  the  traffic  rate  drops  below  the  rising  suppression  level.  If  the  falling 
suppression  level  is  specified,  the  switch  blocks  traffic  until  the  traffic  rate  drops  below  this  level. 

When  a  broadcast  storm  occurs  and  the  action  is  to  filter  traffic,  the  switch  blocks  only  broadcast  traffic. 

For  more  information,  see  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  enable  broadcast  storm  control  with  a  75.5-percent  rising  suppression  level: 

Switch (config-if) #  storm-control  broadcast  level  75.5 

This  example  shows  how  to  enable  unicast  storm  control  on  a  port  with  a  87-percent  rising  suppression 
level  and  a  65-percent  falling  suppression  level: 

Switch (config-if ) #  storm-control  unicast  level  87  65 

This  example  shows  how  to  enable  multicast  storm  control  on  a  port  with  a  2000-packets-per-second 
rising  suppression  level  and  a  1000-packets-per-second  falling  suppression  level: 

Switch (config-if ) #  storm-control  multicast  level  pps  2k  lk 

This  example  shows  how  to  enable  the  shutdown  action  on  a  port: 

Switch (config-if ) #  storm-control  action  shutdown 

You  can  verify  your  settings  by  entering  the  show  storm-control  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  storm-control  Displays  broadcast,  multicast,  or  unicast  storm  control  settings  on  all 

interfaces  or  on  a  specified  interface. 
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switchport  access 

Use  the  switchport  access  interface  configuration  command  to  configure  a  port  as  a  static-access  or 
dynamic-access  port.  If  the  switchport  mode  is  set  to  access,  the  port  operates  as  a  member  of  the 
specified  VLAN.  If  set  to  dynamic,  the  port  starts  discovery  of  VLAN  assignment  based  on  the  incoming 
packets  it  receives.  Use  the  no  form  of  this  command  to  reset  the  access  mode  to  the  default  VLAN  for 
the  switch. 

switchport  access  vlan  {vlan-id  I  dynamic} 
no  switchport  access  vlan 


Syntax  Description      vlan  vlan-id  Configure  the  interface  as  a  static  access  port  with  the  VLAN  ID  of  the 

access  mode  VLAN;  the  range  is  1  to  4094. 

vlan  dynamic  Specify  that  the  access  mode  VLAN  is  dependent  on  the  VLAN  Membership 

Policy  Server  (VMPS)  protocol.  The  port  is  assigned  to  a  VLAN  based  on 
the  source  MAC  address  of  a  host  (or  hosts)  connected  to  the  port.  The  switch 
sends  every  new  MAC  address  received  to  the  VMPS  server  to  get  the  VLAN 
name  to  which  the  dynamic-access  port  should  be  assigned.  If  the  port 
already  has  a  VLAN  assigned  and  the  source  has  already  been  approved  by 
the  VMPS,  the  switch  forwards  the  packet  to  the  VLAN. 


Defaults  The  default  access  VLAN  and  trunk  interface  native  VLAN  is  a  default  VLAN  corresponding  to  the 

platform  or  interface  hardware. 

A  dynamic-access  port  is  initially  a  member  of  no  VLAN  and  receives  its  assignment  based  on  the  packet 
it  receives. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  no  switchport  access  command  resets  the  access  mode  VLAN  to  the  appropriate  default  VLAN  for 
the  device. 

The  port  must  be  in  access  mode  before  the  switchport  access  vlan  command  can  take  effect. 
An  access  port  can  be  assigned  to  only  one  VLAN. 

The  VMPS  server  (such  as  a  Catalyst  6000  series  switch)  must  be  configured  before  a  port  is  configured 
as  dynamic. 

These  restrictions  apply  to  dynamic-access  ports: 

The  software  implements  the  VLAN  Query  Protocol  (VQP)  client,  which  can  query  a  VMPS  such  as  a 
Catalyst  6000  series  switch.  The  Cisco  Gigabit  Ethernet  Switch  Modules  (CGESMs)  are  not  VMPS 
servers.  The  VMPS  server  must  be  configured  before  a  port  is  configured  as  dynamic. 
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•  Use  dynamic-access  ports  only  to  connect  end  stations.  Connecting  them  to  switches  or  routers  (that 
use  bridging  protocols)  can  cause  a  loss  of  connectivity. 

•  Configure  the  network  so  that  STP  does  not  put  the  dynamic-access  port  into  an  STP  blocking  state. 
The  Port  Fast  feature  is  automatically  enabled  on  dynamic-access  ports. 

•  Dynamic-access  ports  can  only  be  in  one  VLAN  and  do  not  use  VLAN  tagging. 

•  Dynamic-access  ports  cannot  be  configured  as 

-  Members  of  an  EtherChannel  port  group  (dynamic-access  ports  cannot  be  grouped  with  any 
other  port,  including  other  dynamic  ports). 

-  Source  or  destination  ports  in  a  static  address  entry. 

-  Monitor  ports. 


Examples  This  example  shows  how  to  change  a  switched  port  interface  that  is  operating  in  access  mode  to  operate 

in  VLAN  2  instead  of  the  default  VLAN: 

Switch (config-if) #  switchport  access  vlan  2 

You  can  verify  your  setting  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command  and  examining  information  in  the  Administrative  Mode  and  Operational  Mode  rows. 


Related  Commands      Command  Description 

show  interfaces  switchport     Displays  the  administrative  and  operational  status  of  a  switching  port, 

including  port  blocking  and  port  protection  settings. 

switchport  mode  Configures  the  VLAN  membership  mode  of  a  port. 
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Use  the  switchport  backup  interface  interface  configuration  command  on  a  Layer  2  interface  to 
configure  Flex  Links,  a  pair  of  interfaces  that  provide  backup  to  each  other.  Use  the  no  form  of  this 
command  to  remove  the  Flex  Links  configuration. 

switchport  backup  interface  {interface-id}  [mmu  primary  vlan  vlan-id  I  preemption  {delay 
delay -time  I  mode  {bandwidth  I  forced  I  off  J }] 

no  switchport  backup  interface  {interface-id}  [mmu  primary  vlan  I  preemption  {delay  I  mode}] 


Syntax  Description  interface-id 


Specify  that  the  Layer  2  interface  to  act  as  a  backup  link  to  the  interface 
being  configured.  The  interface  can  be  a  physical  interface  or  port  channel. 
The  port-channel  range  is  1  to  48. 


mmu 

Configure  the  MAC  move  update  (MMU)  for  a  backup  interface  pair. 

primary  vlan  vlan-id 

The  VLAN  ID  of  the  private-VLAN  primary  VLAN;  valid  range  is  1  to  4094. 

preemption 

Configure  a  preemption  scheme  for  a  backup  interface  pair. 

mode 

Specifies  a  preemption  mode  as  bandwidth,  forced,  or  off. 

bandwidth 

(Optional)  Specify  that  the  interface  with  the  higher  available  bandwidth 

always  preempts  the  backup. 

forced 

(Optional)  Specify  that  the  interface  always  preempts  the  backup. 

off 

(Optional)  Specify  that  no  preemption  occurs  from  backup  to  active. 

delay  delay-time 

(Optional)  Specify  a  preemption  delay;  the  valid  values  are  1  to  300  seconds. 

Defaults 


The  default  is  to  have  no  Flex  Links  defined. 
Preemption  mode  is  off.  No  preemption  occurs. 
Preemption  delay  is  set  to  35  seconds. 


Command  Modes 


Interface  configuration 


Command  History 
Usage  Guidelines 


With  Flex  Links  configured,  one  link  acts  as  the  primary  interface  and  forwards  traffic,  while  the  other 
interface  is  in  standby  mode,  ready  to  begin  forwarding  traffic  if  the  primary  link  shuts  down.  The 
interface  being  configured  is  referred  to  as  the  active  link;  the  specified  interface  is  identified  as  the 
backup  link.  The  feature  provides  an  alternative  to  the  Spanning  Tree  Protocol  (STP),  allowing  users  to 
turn  off  STP  and  still  retain  basic  link  redundancy. 

•  This  command  is  available  only  for  Layer  2  interfaces. 

•  You  can  configure  only  one  Flex  Link  backup  link  for  any  active  link,  and  it  must  be  a  different 
interface  from  the  active  interface. 

•  An  interface  can  belong  to  only  one  Flex  Link  pair.  An  interface  can  be  a  backup  link  for  only  one 
active  link.  An  active  link  cannot  belong  to  another  Flex  Link  pair. 


2-526 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  Blade  System  Command  Reference  Guide 


380265-003  I 


I  Chapter  2  CGESM  Switch  Cisco  IPS  Commands 


switchport  backup  interface  M 


•  A  backup  link  does  not  have  to  be  the  same  type  (Fast  Ethernet  or  Gigabit  Ethernet,  for  instance)  as 
the  active  link.  However,  you  should  configure  both  Flex  Links  with  similar  characteristics  so  that 
there  are  no  loops  or  changes  in  behavior  if  the  standby  link  begins  to  forward  traffic. 

•  Neither  of  the  links  can  be  a  port  that  belongs  to  an  EtherChannel.  However,  you  can  configure  two 
port  channels  (EtherChannel  logical  interfaces)  as  Flex  Links,  and  you  can  configure  a  port  channel 
and  a  physical  interface  as  Flex  Links,  with  either  the  port  channel  or  the  physical  interface  as  the 
active  link. 

•  If  STP  is  configured  on  the  switch,  Flex  Links  do  not  participate  in  STP  in  all  valid  VLANs.  If  STP 
is  not  running,  be  sure  that  there  are  no  loops  in  the  configured  topology. 


Examples  This  example  shows  how  to  configure  two  interfaces  as  Flex  Links: 

Switch#  configure  terminal 

Switch ( conf ) #  interface  f astethernetO/1 

Switch ( conf -if ) #  switchport  backup  interface  f astethernetO/2 

Switch (conf-if) #  end 

This  example  shows  how  to  configure  the  Fast  Ethernet  interface  to  always  preempt  the  backup: 

Switch#  configure  terminal 

Switch ( conf ) #  interface  f astethernetO/1 

Switch(conf-if ) #  switchport  backup  interface  fastethernetO/2  preemption  forced 

Switch ( conf -if ) #  end 

This  example  shows  how  to  configure  the  Fast  Ethernet  interface  preemption  delay  time: 

Switch#  configure  terminal 

Switch ( conf ) #  interface  f astethernetO/1 

Switch (conf-if ) #  switchport  backup  interface  f astethernetO/2  preemption  delay  150 

Switch ( conf -if ) #  end 

This  example  shows  how  to  configure  the  Fast  Ethernet  interface  as  the  MMU  primary  VLAN: 

Switch#  configure  terminal 

Switch ( conf ) #  interface  f astethernetO/1 

Switch (conf-if ) #  switchport  backup  interface  fastethernetO/2  mmu  primary  vlan  1021 

Switch (conf-if ) #  end 

You  can  verify  your  setting  by  entering  the  show  interfaces  switchport  backup  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  [interface-id]  Displays  the  configured  Flex  Links  and  their  status  on  the  switch  or 
switchport  backup  for  the  specified  interface. 
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switchport  block 

Use  the  switchport  block  interface  configuration  command  to  prevent  unknown  multicast  or  unicast 
packets  from  being  forwarded.  Use  the  no  form  of  this  command  to  allow  forwarding  unknown  multicast 
or  unicast  packets. 

switchport  block  {multicast  I  unicast} 

no  switchport  block  {multicast  I  unicast} 


Syntax  Description      multicast  Specify  that  unknown  multicast  traffic  should  be  blocked. 

unicast  Specify  that  unknown  unicast  traffic  should  be  blocked. 


Defaults  Unknown  multicast  and  unicast  traffic  is  not  blocked. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        By  default,  all  traffic  with  unknown  MAC  addresses  is  sent  to  all  ports.  You  can  block  unknown  multicast 
or  unicast  traffic  on  protected  or  nonprotected  ports.  If  unknown  multicast  or  unicast  traffic  is  not 
blocked  on  a  protected  port,  there  could  be  security  issues. 

Blocking  unknown  multicast  or  unicast  traffic  is  not  automatically  enabled  on  protected  ports;  you  must 
explicitly  configure  it. 

For  more  information  about  blocking  packets,  see  the  software  configuration  guide  for  this  release. 


Examples  This  example  shows  how  to  block  unknown  multicast  traffic  on  an  interface: 

Switch (config-if) #  switchport  block  multicast 

You  can  verify  your  setting  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  switchport     Displays  the  administrative  and  operational  status  of  a  switching  port, 

including  port  blocking  and  port  protection  settings. 
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switch  port  host 

Use  the  switchport  host  interface  configuration  command  to  optimize  a  port  for  a  host  connection.  The 
no  form  of  this  command  has  no  affect  on  the  system. 

switchport  host 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  The  default  is  for  the  port  to  not  be  optimized  for  a  host  connection. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       To  optimize  the  port  for  a  host  connection,  the  switchport  host  command  sets  switch  port  mode  to 

access,  enables  spanning  tree  Port  Fast,  and  disables  channel  grouping.  Only  an  end  station  can  accept 
this  configuration. 

Because  spanning  tree  Port  Fast  is  enabled,  you  should  enter  the  switchport  host  command  only  on  ports 
that  are  connected  to  a  single  host.  Connecting  other  switches,  hubs,  concentrators,  or  bridges  to  a 
fast-start  port  can  cause  temporary  spanning-tree  loops. 

Enable  the  switchport  host  command  to  decrease  the  time  that  it  takes  to  start  up  packet  forwarding. 


Examples  This  example  shows  how  to  optimize  the  port  configuration  for  a  host  connection: 

Switch ( config-if ) #  switchport  host 

switchport  mode  will  be  set  to  access 
spanning-tree  portfast  will  be  enabled 
channel  group  will  be  disabled 
Switch(conf ig-if ) # 

You  can  verify  your  setting  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  switchport     Displays  the  administrative  and  operational  status  of  a  switching  port, 

including  switchport  mode. 
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Use  the  switchport  mode  interface  configuration  command  to  configure  the  VLAN  membership  mode 
of  a  port.  Use  the  no  form  of  this  command  to  reset  the  mode  to  the  appropriate  default  for  the  device. 

switchport  mode  {access  I  dynamic  {auto  I  desirable}  I  trunk} 

no  switchport  mode  {access  I  dynamic  I  trunk} 


Syntax  Description  access 


Set  the  port  to  access  mode  (either  static-access  or  dynamic-access  depending 
on  the  setting  of  the  switchport  access  vlan  interface  configuration  command). 
The  port  is  set  to  access  unconditionally  and  operates  as  a  nontrunking,  single 
VLAN  interface  that  sends  and  receives  nonencapsulated  (non-tagged)  frames. 
An  access  port  can  be  assigned  to  only  one  VLAN. 

Set  the  interface  trunking  mode  dynamic  parameter  to  auto  to  specify  that  the 
interface  convert  the  link  to  a  trunk  link.  This  is  the  default  switchport  mode. 

Set  the  interface  trunking  mode  dynamic  parameter  to  desirable  to  specify  that 
the  interface  actively  attempt  to  convert  the  link  to  a  trunk  link. 

trunk  Set  the  port  to  trunk  unconditionally.  The  port  is  a  trunking  VLAN  Layer  2 

interface.  The  port  sends  and  receives  encapsulated  (tagged)  frames  that 
identify  the  VLAN  of  origination.  A  trunk  is  a  point-to-point  link  between  two 
switches  or  between  a  switch  and  a  router. 


dynamic  auto 


dynamic  desirable 


Defaults 


The  default  mode  is  dynamic  auto. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


A  configuration  that  uses  the  access  or  trunk  keywords  takes  effect  only  when  you  configure  the  port  in 
the  appropriate  mode  by  using  the  switchport  mode  command.  The  static-access  and  trunk 
configuration  are  saved,  but  only  one  configuration  is  active  at  a  time. 

When  you  enter  access  mode,  the  interface  changes  to  permanent  nontrunking  mode  and  negotiates  to 
convert  the  link  into  a  nontrunk  link  even  if  the  neighboring  interface  does  not  agree  to  the  change. 

When  you  enter  trunk  mode,  the  interface  changes  to  permanent  trunking  mode  and  negotiates  to 
convert  the  link  into  a  trunk  link  even  if  the  interface  connecting  to  it  does  not  agree  to  the  change. 

When  you  enter  dynamic  auto  mode,  the  interface  converts  the  link  to  a  trunk  link  if  the  neighboring 
interface  is  set  to  trunk  or  desirable  mode. 

When  you  enter  dynamic  desirable  mode,  the  interface  becomes  a  trunk  interface  if  the  neighboring 
interface  is  set  to  trunk,  desirable,  or  auto  mode. 
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To  autonegotiate  trunking,  the  interfaces  must  be  in  the  same  VLAN  Trunking  Protocol  (VTP)  domain. 
Trunk  negotiation  is  managed  by  the  Dynamic  Trunking  Protocol  (DTP),  which  is  a  point-to-point 
protocol.  However,  some  internetworking  devices  might  forward  DTP  frames  improperly,  which  could 
cause  misconfigurations.  To  avoid  this,  you  should  configure  interfaces  connected  to  devices  that  do  not 
support  DTP  to  not  forward  DTP  frames,  which  turns  off  DTP. 

•  If  you  do  not  intend  to  trunk  across  those  links,  use  the  switchport  mode  access  interface 
configuration  command  to  disable  trunking. 

•  To  enable  trunking  to  a  device  that  does  not  support  DTP,  use  the  switchport  mode  trunk  and 
switchport  nonegotiate  interface  configuration  commands  to  cause  the  interface  to  become  a  trunk 
but  to  not  generate  DTP  frames. 

Access  ports  and  and  trunk  ports  are  mutually  exclusive. 

The  IEEE  802. lx  feature  interacts  with  switchport  modes  in  these  ways: 

•  If  you  try  to  enable  IEEE  802.  lx  on  a  trunk  port,  an  error  message  appears,  and  IEEE  802.  lx  is  not 
enabled.  If  you  try  to  change  the  mode  of  an  IEEE  802.1x-enabled  port  to  trunk,  the  port  mode  is 
not  changed. 

•  If  you  try  to  enable  IEEE  802.  lx  on  a  port  set  to  dynamic  auto  or  dynamic  desirable,  an  error 
message  appears,  and  IEEE  802.  lx  is  not  enabled.  If  you  try  to  change  the  mode  of  an 

IEEE  802.1x-enabled  port  to  dynamic  auto  or  dynamic  desirable,  the  port  mode  is  not  changed. 

•  If  you  try  to  enable  IEEE  802.  lx  on  a  dynamic-access  (VLAN  Query  Protocol  [VQP])  port,  an  error 
message  appears,  and  IEEE  802.  lx  is  not  enabled.  If  you  try  to  change  an  IEEE  802.1x-enabled  port 
to  dynamic  VLAN  assignment,  an  error  message  appears,  and  the  VLAN  configuration  is  not 
changed. 


Examples  This  example  shows  how  to  configure  a  port  for  access  mode: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  switchport  mode  access 

This  example  shows  how  set  the  port  to  dynamic  desirable  mode: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if ) #  switchport  mode  dynamic  desirable 

This  example  shows  how  to  configure  a  port  for  trunk  mode: 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if ) #  switchport  mode  trunk 

You  can  verify  your  settings  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command  and  examining  information  in  the  Administrative  Mode  and  Operational  Mode  rows. 


Related  Commands      Command  Description 

show  interfaces  switchport       Displays  the  administrative  and  operational  status  of  a  switching 

port,  including  port  blocking  and  port  protection  settings. 

switchport  access  Configures  a  port  as  a  static-access  or  dynamic-access  port. 

switchport  trunk  Configures  the  trunk  characteristics  when  an  interface  is  in  trunking 

mode. 
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Use  the  switchport  nonegotiate  interface  configuration  command  to  specify  that  Dynamic  Trunking 
Protocol  (DTP)  negotiation  packets  are  not  sent  on  the  Layer  2  interface.  The  switch  does  not  engage  in 
DTP  negotiation  on  this  interface.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

switchport  nonegotiate 

no  switchport  nonegotiate 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


The  default  is  to  use  DTP  negotiation  to  learn  the  trunking  status. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  no  form  of  the  switchport  nonegotiate  command  removes  nonegotiate  status. 

This  command  is  valid  only  when  the  interface  switchport  mode  is  access  or  trunk  (configured  by  using 
the  switchport  mode  access  or  the  switchport  mode  trunk  interface  configuration  command).  This 
command  returns  an  error  if  you  attempt  to  execute  it  in  dynamic  (auto  or  desirable)  mode. 

Internetworking  devices  that  do  not  support  DTP  might  forward  DTP  frames  improperly  and  cause 
misconfigurations.  To  avoid  this,  you  should  turn  off  DTP  by  using  the  switchport  no  negotiate 
command  to  configure  the  interfaces  connected  to  devices  that  do  not  support  DTP  to  not  forward  DTP 
frames. 

When  you  enter  the  switchport  nonegotiate  command,  DTP  negotiation  packets  are  not  sent  on  the 
interface.  The  device  does  or  does  not  trunk  according  to  the  mode  parameter:  access  or  trunk. 

•  If  you  do  not  intend  to  trunk  across  those  links,  use  the  switchport  mode  access  interface 
configuration  command  to  disable  trunking. 

•  To  enable  trunking  on  a  device  that  does  not  support  DTP,  use  the  switchport  mode  trunk  and 
switchport  nonegotiate  interface  configuration  commands  to  cause  the  interface  to  become  a  trunk 
but  to  not  generate  DTP  frames. 
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Examples  This  example  shows  how  to  cause  a  port  to  refrain  from  negotiating  trunking  mode  and  to  act  as  a  trunk 

or  access  port  (depending  on  the  mode  set): 

Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  switchport  nonegotiate 

You  can  verify  your  setting  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  switchport     Displays  the  administrative  and  operational  status  of  a  switching  port, 

including  port  blocking  and  port  protection  settings. 

switchport  mode  Configures  the  VLAN  membership  mode  of  a  port. 
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switchport  port-security 

Use  the  switchport  port-security  interface  configuration  command  without  keywords  to  enable  port 
security  on  the  interface.  Use  the  keywords  to  configure  secure  MAC  addresses,  sticky  MAC  address 
learning,  a  maximum  number  of  secure  MAC  addresses,  or  the  violation  mode.  Use  the  no  form  of  this 
command  to  disable  port  security  or  to  set  the  parameters  to  their  default  states. 

switchport  port-security  [mac-address  mac-address  [vlan  {vlan-id  I  {access  I  voice}}]  I 

mac-address  sticky  [mac-address  I  vlan  {vlan-id  I  {access  I  voice}}]]  [maximum  value  [vlan 
{vlan-list  I  {access  I  voice}}]] 

no  switchport  port-security  [mac-address  mac-address  [vlan  {vlan-id  I  {access  I  voice} }]  I 

mac-address  sticky  [mac-address  I  vlan  {vlan-id  I  {access  I  voice}}]]  [maximum  value  [vlan 
{vlan-list  I  {access  I  voice}}]] 

switchport  port-security  [aging]  [violation  {protect  I  restrict  I  shutdown  I  shutdown  vlan}] 

no  switchport  port-security  [aging]  [violation  { protect  I  restrict  I  shutdown  I  shutdown  vlan }  ] 


Syntax  Description      aging  (Optional)  See  the  switchport  port-security  aging  command. 


mac-address  mac-address 

(Optional)  Specify  a  secure  MAC  address  for  the  interface  by  entering 

a  48-bit  MAC  address.  You  can  add  additional  secure  MAC  addresses 

up  to  the  maximum  value  configured. 

vlan  vlan-id 

(Optional)  On  a  trunk  port  only,  specify  the  VLAN  ID  and  the  MAC 

address.  If  no  VLAN  ID  is  specified,  the  native  VLAN  is  used. 

vlan  access 

(Optional)  On  an  access  port  only,  specify  the  VLAN  as  an  access 

VLAN. 

vlan  voice 

(Optional)  On  an  access  port  only,  specify  the  VLAN  as  a  voice  VLAN. 

Note     The  voice  keyword  is  available  only  if  voice  VLAN  is 

configured  on  a  port  and  if  that  port  is  not  the  access  VLAN. 

mac-address  sticky  (Optional)  Enable  the  interface  for  sticky  learning  by  entering  only  the 

[mac-address]  mac-address  sticky  keywords.  When  sticky  learning  is  enabled,  the 


interface  adds  all  secure  MAC  addresses  that  are  dynamically  learned  to 
the  running  configuration  and  converts  these  addresses  to  sticky  secure 
MAC  addresses. 

(Optional)  Enter  a  mac-address  to  specify  a  sticky  secure  MAC  address. 

maximum  value  (Optional)  Set  the  maximum  number  of  secure  MAC  addresses  for  the 

interface. The  maximum  number  of  secure  MAC  addresses  that  you  can 
configure  on  a  switch  is  set  by  the  maximum  number  of  available  MAC 
addresses  allowed  in  the  system,  approximately  6000.  This  number 
represents  the  total  of  available  MAC  addresses,  including  those  used 
for  other  Layer  2  functions  and  any  other  secure  MAC  addresses 
configured  on  interfaces. 

The  default  setting  is  1 . 
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vlan  [vlan-list]  (Optional)  For  trunk  ports,  you  can  set  the  maximum  number  of  secure 

MAC  addresses  on  a  VLAN.  If  the  vlan  keyword  is  not  entered,  the 
default  value  is  used. 

•  vlan — set  a  per- VLAN  maximum  value. 

•  vlan  vlan-list — set  a  per- VLAN  maximum  value  on  a  range  of 
VLANs  separated  by  a  hyphen  or  a  series  of  VLANs  separated  by 
commas.  For  nonspecified  VLANs,  the  per- VLAN  maximum  value 
is  used. 

violation  (Optional)  Set  the  security  violation  mode  or  the  action  to  be  taken  if 

port  security  is  violated.  The  default  is  shutdown. 

protect  Set  the  security  violation  protect  mode.  In  this  mode,  when  the  number 

of  port  secure  MAC  addresses  reaches  the  maximum  limit  allowed  on 
the  port,  packets  with  unknown  source  addresses  are  dropped  until  you 
remove  a  sufficient  number  of  secure  MAC  addresses  to  drop  below  the 
maximum  value  or  increase  the  number  of  maximum  allowable 
addresses.  You  are  not  notified  that  a  security  violation  has  occurred. 

Note     We  do  not  recommend  configuring  the  protect  mode  on  a  trunk 
port.  The  protect  mode  disables  learning  when  any  VLAN 
reaches  its  maximum  limit,  even  if  the  port  has  not  reached  its 
maximum  limit. 

restrict  Set  the  security  violation  restrict  mode.  In  this  mode,  when  the  number 

of  secure  MAC  addresses  reaches  the  limit  allowed  on  the  port,  packets 
with  unknown  source  addresses  are  dropped  until  you  remove  a 
sufficient  number  of  secure  MAC  addresses  or  increase  the  number  of 
maximum  allowable  addresses.  An  SNMP  trap  is  sent,  a  syslog  message 
is  logged,  and  the  violation  counter  increments. 

shutdown  Set  the  security  violation  shutdown  mode.  In  this  mode,  the  interface  is 

error-disabled  when  a  violation  occurs  and  the  port  LED  turns  off.  An 
SNMP  trap  is  sent,  a  syslog  message  is  logged,  and  the  violation  counter 
increments.  When  a  secure  port  is  in  the  error-disabled  state,  you  can 
bring  it  out  of  this  state  by  entering  the  errdisahle  recovery  cause 
psecure-violation  global  configuration  command,  or  you  can  manually 
re-enable  it  by  entering  the  shutdown  and  no  shut  down  interface 
configuration  commands. 

shutdown  vlan  Set  the  security  violation  mode  to  per- VLAN  shutdown.  In  this  mode, 

only  the  VLAN  on  which  the  violation  occured  is  error-disabled. 


Defaults  The  default  is  to  disable  port  security. 

When  port  security  is  enabled  and  no  keywords  are  entered,  the  default  maximum  number  of  secure 
MAC  addresses  is  1. 

The  default  violation  mode  is  shutdown. 
Sticky  learning  is  disabled. 


Command  Modes        Interface  configuration 
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Command  History        Release  Modification 


12.2(25)SE1 

This  command  was  introduced. 

12.2.(25)SED 

The  access  and  voice  keywords  were  added. 

12.2(35)SE 

The  shutdown  vlan  keyword  was  added 

Usage  Guidelines       A  secure  port  has  the  following  limitations: 

•  A  secure  port  can  be  an  access  port  or  a  trunk  port;  it  cannot  be  a  dynamic  access  port. 

•  A  secure  port  cannot  be  a  protected  port. 

•  A  secure  port  cannot  be  a  destination  port  for  Switched  Port  Analyzer  (SPAN). 

•  A  secure  port  cannot  belong  to  a  Gigabit  EtherChannel  port  group. 

•  You  cannot  configure  static  secure  or  sticky  secure  MAC  addresses  in  the  voice  VLAN. 

•  When  you  enable  port  security  on  an  interface  that  is  also  configured  with  a  voice  VLAN,  set  the 
maximum  allowed  secure  addresses  on  the  port  to  two.  When  the  port  is  connected  to  a  Cisco  IP 
phone,  the  IP  phone  requires  one  MAC  address.  The  Cisco  IP  phone  address  is  learned  on  the  voice 
VLAN,  but  is  not  learned  on  the  access  VLAN.  If  you  connect  a  single  PC  to  the  Cisco  IP  phone, 
no  additional  MAC  addresses  are  required.  If  you  connect  more  than  one  PC  to  the  Cisco  IP  phone, 
you  must  configure  enough  secure  addresses  to  allow  one  for  each  PC  and  one  for  the  Cisco  IP 
phone. 

•  Voice  VLAN  is  supported  only  on  access  ports  and  not  on  trunk  ports. 

•  When  you  enter  a  maximum  secure  address  value  for  an  interface,  if  the  new  value  is  greater  than 
the  previous  value,  the  new  value  overrides  the  previously  configured  value.  If  the  new  value  is  less 
than  the  previous  value  and  the  number  of  configured  secure  addresses  on  the  interface  exceeds  the 
new  value,  the  command  is  rejected. 

•  The  switch  does  not  support  port  security  aging  of  sticky  secure  MAC  addresses. 

A  security  violation  occurs  when  the  maximum  number  of  secure  MAC  addresses  are  in  the  address  table 
and  a  station  whose  MAC  address  is  not  in  the  address  table  attempts  to  access  the  interface  or  when  a 
station  whose  MAC  address  is  configured  as  a  secure  MAC  address  on  another  secure  port  attempts  to 
access  the  interface. 

When  a  secure  port  is  in  the  error-disabled  state,  you  can  bring  it  out  of  this  state  by  entering  the 
errdisable  recovery  cause  psecure-violation  global  configuration  command.  You  can  manually 
re-enable  the  port  by  entering  the  shutdown  and  no  shut  down  interface  configuration  commands  or  by 
using  the  clear  errdisable  interface  privileged  EXEC  command. 

you  can  manually  re-enable  it  by  entering  the  shutdown  and  no  shut  down  interface  configuration 
commands. 

Setting  a  maximum  number  of  addresses  to  one  and  configuring  the  MAC  address  of  an  attached  device 
ensures  that  the  device  has  the  full  bandwidth  of  the  port. 

When  you  enter  a  maximum  secure  address  value  for  an  interface,  this  occurs: 

•  If  the  new  value  is  greater  than  the  previous  value,  the  new  value  overrides  the  previously  configured 
value. 

•  If  the  new  value  is  less  than  the  previous  value  and  the  number  of  configured  secure  addresses  on 
the  interface  exceeds  the  new  value,  the  command  is  rejected. 
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Sticky  secure  MAC  addresses  have  these  characteristics: 

•  When  you  enable  sticky  learning  on  an  interface  by  using  the  switchport  port-security 
mac-address  sticky  interface  configuration  command,  the  interface  converts  all  the  dynamic  secure 
MAC  addresses,  including  those  that  were  dynamically  learned  before  sticky  learning  was  enabled, 
to  sticky  secure  MAC  addresses  and  adds  all  sticky  secure  MAC  addresses  to  the  running 
configuration. 

•  If  you  disable  sticky  learning  by  using  the  no  switchport  port-security  mac-address  sticky 

interface  configuration  command  or  the  running  configuration  is  removed,  the  sticky  secure  MAC 
addresses  remain  part  of  the  running  configuration  but  are  removed  from  the  address  table.  The 
addresses  that  were  removed  can  be  dynamically  reconfigured  and  added  to  the  address  table  as 
dynamic  addresses. 

•  When  you  configure  sticky  secure  MAC  addresses  by  using  the  switchport  port-security 
mac-address  sticky  mac-address  interface  configuration  command,  these  addresses  are  added  to  the 
address  table  and  the  running  configuration.  If  port  security  is  disabled,  the  sticky  secure  MAC 
addresses  remain  in  the  running  configuration. 

•  If  you  save  the  sticky  secure  MAC  addresses  in  the  configuration  file,  when  the  switch  restarts  or 
the  interface  shuts  down,  the  interface  does  not  need  to  relearn  these  addresses.  If  you  do  not  save 
the  sticky  secure  addresses,  they  are  lost.  If  sticky  learning  is  disabled,  the  sticky  secure  MAC 
addresses  are  converted  to  dynamic  secure  addresses  and  are  removed  from  the  running 
configuration. 

•  If  you  disable  sticky  learning  and  enter  the  switchport  port-security  mac-address  sticky 

mac-address  interface  configuration  command,  an  error  message  appears,  and  the  sticky  secure 
MAC  address  is  not  added  to  the  running  configuration. 


Examples  This  example  shows  how  to  enable  port  security  on  a  port  and  to  set  the  maximum  number  of  secure 

addresses  to  5.  The  violation  mode  is  the  default,  and  no  secure  MAC  addresses  are  configured. 

Switch(conf ig) #  interface  gigabitethernet  0/2 

Switch (config-if) #  switchport  mode  access 

Switch (config-if) #  switchport  port-security 

Switch (config-if ) #  switchport  port-security  maximum  5 

This  example  shows  how  to  configure  a  secure  MAC  address  and  a  VLAN  ID  on  a  port: 

Switch (config) #  interface  gigabitethernet  0/2 
Switch (config-if ) #  switchport  mode  trunk 
Switch (config-if ) #  switchport  port-security 

Switch (config-if ) #  switchport  port-security  mac-address  1000.2000.3000  vlan  3 

This  example  shows  how  to  enable  sticky  learning  and  to  enter  two  sticky  secure  MAC  addresses  on  a 
port: 

Switch ( config ) #  interface  gigabitethernet  0/2 

Switch ( config-if ) #  switchport  port-security  mac-address  sticky 

Switch (config-if ) #  switchport  port-security  mac-address  sticky  0000.0000.4141 

Switch (config-if ) #  switchport  port-security  mac-address  sticky  0000 . 0000 . OOOf 

This  example  show  how  to  configure  a  port  to  shut  down  only  the  VLAN  if  a  violation  occurs: 

Switch (config) #  interface  GigabitEthernet  2/0/2 

Switch (config) #  switchport  port-security  violation  shutdown  vlan 

You  can  verify  your  settings  by  using  the  show  port-security  privileged  EXEC  command. 
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Related  Commands      Command  Description 

clear  port-security  Deletes  from  the  MAC  address  table  a  specific  type  of  secure  address 

or  all  the  secure  addresses  on  the  switch  or  an  interface. 

show  port-security  address       Displays  all  the  secure  addresses  configured  on  the  switch. 

show  port-security  Displays  port  security  configuration  for  the  switch  or  for  the 

interface  interface-id  specified  interface. 
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switchport  port-security  aging 


Use  the  switchport  port-security  aging  interface  configuration  command  to  set  the  aging  time  and  type 
for  secure  address  entries  or  to  change  the  aging  behavior  for  secure  addresses  on  a  particular  port.  Use 
the  no  form  of  this  command  to  disable  port  security  aging  or  to  set  the  parameters  to  their  default  states. 

switchport  port-security  aging  { static  I  time  time  I  type  { absolute  I  inactivity } } 

no  switchport  port-security  aging  {static  I  time  I  type} 


Syntax  Description 


static 

Enable  aging  for  statically  configured  secure  addresses  on  this  port. 

time  time 

Specify  the  aging  time  for  this  port.  The  range  is  0  to  1440  minutes.  If  the  time 
is  0,  aging  is  disabled  for  this  port. 

type 

Set  the  aging  type. 

absolute 

Set  absolute  aging  type.  All  the  secure  addresses  on  this  port  age  out  exactly  after 
the  time  (minutes)  specified  and  are  removed  from  the  secure  address  list. 

inactivity 

Set  the  inactivity  aging  type.  The  secure  addresses  on  this  port  age  out  only  if  there 
is  no  data  traffic  from  the  secure  source  address  for  the  specified  time  period. 

Defaults 


The  port  security  aging  feature  is  disabled.  The  default  time  is  0  minutes. 

The  default  aging  type  is  absolute. 

The  default  static  aging  behavior  is  disabled. 


Command  Modes        Interface  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


To  enable  secure  address  aging  for  a  particular  port,  set  the  aging  time  to  a  value  other  than  0  for  that 
port. 

To  allow  limited  time  access  to  particular  secure  addresses,  set  the  aging  type  as  absolute.  When  the 
aging  time  lapses,  the  secure  addresses  are  deleted. 

To  allow  continuous  access  to  a  limited  number  of  secure  addresses,  set  the  aging  type  as  inactivity.  This 
removes  the  secure  address  when  it  become  inactive,  and  other  addresses  can  become  secure. 

To  allow  unlimited  access  to  a  secure  address,  configure  it  as  a  secure  address,  and  disable  aging  for  the 
statically  configured  secure  address  by  using  the  no  switchport  port-security  aging  static  interface 
configuration  command. 
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Examples  This  example  sets  the  aging  time  as  2  hours  for  absolute  aging  for  all  the  secure  addresses  on  the  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch (config-if) #  switchport  port-security  aging  time  120 

This  example  sets  the  aging  time  as  2  minutes  for  inactivity  aging  type  with  aging  enabled  for  configured 
secure  addresses  on  the  port: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  switchport  port-security  aging  time  2 

Switch (config-if ) #  switchport  port-security  aging  type  inactivity 

Switch(config-if ) #  switchport  port-security  aging  static 

This  example  shows  how  to  disable  aging  for  configured  secure  addresses: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  no  switchport  port-security  aging  static 


Related  Commands      Command  Description 

show  port-security  Displays  the  port  security  settings  defined  for  the  port. 

switchport  port-security     Enables  port  security  on  a  port,  restricts  the  use  of  the  port  to  a 

user-defined  group  of  stations,  and  configures  secure  MAC  addresses. 
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switchport  priority  extend 


Use  the  switchport  priority  extend  interface  configuration  command  to  set  a  port  priority  for  the 
incoming  untagged  frames  or  the  priority  of  frames  received  by  the  IP  phone  connected  to  the  specified 
port.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

switchport  priority  extend  {cos  value  I  trust} 

no  switchport  priority  extend 


Syntax  Description      cos  value 


Set  the  IP  phone  port  to  override  the  IEEE  802.  lp  priority  received  from  the  PC  or 
the  attached  device  with  the  specified  class  of  service  (CoS)  value.  The  range  is  0  to 
7.  Seven  is  the  highest  priority.  The  default  is  0. 

trust  Set  the  IP  phone  port  to  trust  the  IEEE  802.  lp  priority  received  from  the  PC  or  the 

attached  device. 


Defaults 


The  default  port  priority  is  set  to  a  CoS  value  of  0  for  untagged  frames  received  on  the  port. 


Command  Modes 


Interface  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


When  voice  VLAN  is  enabled,  you  can  configure  the  switch  to  send  the  Cisco  Discovery  Protocol  (CDP) 
packets  to  instruct  the  IP  phone  how  to  send  data  packets  from  the  device  attached  to  the  access  port  on 
the  Cisco  IP  Phone.  You  must  enable  CDP  on  the  switch  port  connected  to  the  Cisco  IP  Phone  to  send 
the  configuration  to  the  Cisco  IP  Phone.  (CDP  is  enabled  by  default  globally  and  on  all  switch 
interfaces.) 

You  should  configure  voice  VLAN  on  switch  access  ports. 

Before  you  enable  voice  VLAN,  we  recommend  that  you  enable  quality  of  service  (QoS)  on  the  switch 
by  entering  the  mis  qos  global  configuration  command  and  configure  the  port  trust  state  to  trust  by 
entering  the  mis  qos  trust  cos  interface  configuration  command. 


Examples 


This  example  shows  how  to  configure  the  IP  phone  connected  to  the  specified  port  to  trust  the  received 
IEEE  802.  lp  priority: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  switchport  priority  extend  trust 

You  can  verify  your  settings  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 
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Related  Commands  Command 


Description 


show  interfaces 
switchport  voice  vlan 


Displays  the  administrative  and  operational  status  of  a  switching  port. 
Configures  the  voice  VLAN  on  the  port. 
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switch  port  protected 


Use  the  switchport  protected  interface  configuration  command  to  isolate  unicast,  multicast,  and 
broadcast  traffic  at  Layer  2  from  other  protected  ports  on  the  same  switch.  Use  the  no  form  of  this 
command  to  disable  protection  on  the  port. 

switchport  protected 

no  switchport  protected 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


No  protected  port  is  defined.  All  ports  are  nonprotected. 


Command  Modes        Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


The  switchport  protection  feature  is  local  to  the  switch;  communication  between  protected  ports  on  the 
same  switch  is  possible  only  through  a  Layer  3  device.  To  prevent  communication  between  protected 
ports  on  different  switches,  you  must  configure  the  protected  ports  for  unique  VLANs  on  each  switch 
and  configure  a  trunk  link  between  the  switches.  A  protected  port  is  different  from  a  secure  port. 

A  protected  port  does  not  forward  any  traffic  (unicast,  multicast,  or  broadcast)  to  any  other  port  that  is 
also  a  protected  port.  Data  traffic  cannot  be  forwarded  between  protected  ports  at  Layer  2;  only  control 
traffic,  such  as  PIM  packets,  is  forwarded  because  these  packets  are  processed  by  the  CPU  and  forwarded 
in  software.  All  data  traffic  passing  between  protected  ports  must  be  forwarded  through  a  Layer  3  device. 

Port  monitoring  does  not  work  if  both  the  monitor  and  monitored  ports  are  protected  ports. 


Examples 


This  example  shows  how  to  enable  a  protected  port  on  an  interface: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if) #  switchport  protected 

You  can  verify  your  settings  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Syntax  Description  Command 


show  interfaces 
switchport 


Description 


Displays  the  administrative  and  operational  status  of  a  switching  port,  including 
port  blocking  and  port  protection  settings. 


switchport  block       Prevents  unknown  multicast  or  unicast  traffic  on  the  interface. 
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switchport  trunk 

Use  the  switchport  trunk  interface  configuration  command  to  set  the  trunk  characteristics  when  the 
interface  is  in  trunking  mode.  Use  the  no  form  of  this  command  to  reset  a  trunking  characteristic  to  the 
default. 

switchport  trunk  {allowed  vlan  vlan-list  I  native  vlan  vlan-id  I  pruning  vlan  vlan-list} 
no  switchport  trunk  {allowed  vlan  I  encapsulation  I  native  vlan  I  {pruning  vlan} 


Syntax  Description      allowed  vlan  vlan-list     Set  the  list  of  allowed  VLANs  that  can  receive  and  send  traffic  on  this 

interface  in  tagged  format  when  in  trunking  mode.  See  the  following  vlan-list 
format.  The  none  keyword  is  not  valid.  The  default  is  all. 

encapsulation  dotlq       Set  the  encapsulation  format  on  the  trunk  port  to  IEEE  802. 1Q.  With  this 
format,  the  switch  supports  simultaneous  tagged  and  untagged  traffic  on  a 
port. 

encapsulation  isl  Set  the  encapsulation  format  on  the  trunk  port  to  Inter-Switch  Link  (ISL). 

The  switch  encapsulates  all  received  and  sent  packets  with  an  ISL  header  and 
filters  native  frames  received  from  an  ISL  trunk  port. 

encapsulation  Specify  that  if  Dynamic  Inter-Switch  Link  (DISL)  and  Dynamic  Trunking 

negotiate  Protocol  (DTP)  negotiation  do  not  resolve  the  encapsulation  format,  ISL  is 

the  selected  format. 

native  vlan  vlan-id         Set  the  native  VLAN  for  sending  and  receiving  untagged  traffic  when  the 
interface  is  in  IEEE  802. 1Q  trunking  mode.  The  range  is  1  to  4094. 

pruning  vlan  vlan-list     Set  the  list  of  VLANs  that  are  eligible  for  VTP  pruning  when  in  trunking 
mode.  The  all  keyword  is  not  valid. 


The  vlan-list  format  is  all  I  none  I  [add  I  remove  I  except]  vlan-atom  [,vlan-atom...]  where: 

•  all  specifies  all  VLANs  from  1  to  4094.  This  keyword  is  not  allowed  on  commands  that  do  not 
permit  all  VLANs  in  the  list  to  be  set  at  the  same  time. 

•  none  means  an  empty  list.  This  keyword  is  not  allowed  on  commands  that  require  certain  VLANs 
to  be  set  or  at  least  one  VLAN  to  be  set. 

•  add  adds  the  defined  list  of  VLANs  to  those  currently  set  instead  of  replacing  the  list.  Valid  IDs  are 
from  1  to  1005;  extended-range  VLANs  (VLAN  IDs  greater  than  1005)  are  valid  in  some  cases. 

X   

Note     You  can  add  extended-range  VLANs  to  the  allowed  VLAN  list,  but  not  to  the 
pruning-eligible  VLAN  list. 


Separate  nonconsecutive  VLAN  IDs  with  a  comma;  use  a  hyphen  to  designate  a  range  of  IDs. 

•    remove  removes  the  defined  list  of  VLANs  from  those  currently  set  instead  of  replacing  the  list. 
Valid  IDs  are  from  1  to  1005;  extended-range  VLAN  IDs  are  valid  in  some  cases. 

X   

Note     You  can  remove  extended-range  VLANs  from  the  allowed  VLAN  list,  but  you  cannot 
remove  them  from  the  pruning-eligible  list. 
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•  except  lists  the  VLANs  that  should  be  calculated  by  inverting  the  defined  list  of  VLANs.  (VLANs 
are  added  except  the  ones  specified.)  Valid  IDs  are  from  1  to  1005.  Separate  nonconsecutive  VLAN 
IDs  with  a  comma;  use  a  hyphen  to  designate  a  range  of  IDs. 

•  vlan-atom  is  either  a  single  VLAN  number  from  1  to  4094  or  a  continuous  range  of  VLANs 
described  by  two  VLAN  numbers,  the  lesser  one  first,  separated  by  a  hyphen. 


Defaults  The  default  encapsulation  is  negotiate. 

VLAN  1  is  the  default  native  VLAN  ID  on  the  port. 
The  default  for  all  VLAN  lists  is  to  include  all  VLANs. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  Encapsulation: 

•  The  switchport  trunk  encapsulation  command  is  supported  only  for  platforms  and  interface 
hardware  that  can  support  both  ISL  and  IEEE  802. 1Q  formats. 

•  You  cannot  configure  one  end  of  the  trunk  as  an  IEEE  802. 1Q  trunk  and  the  other  end  as  an  ISL  or 
nontrunk  port.  However,  you  can  configure  one  port  as  an  ISL  trunk  and  a  different  port  on  the  same 
switch  as  an  IEEE  802. 1Q  trunk. 

•  If  you  enter  the  negotiate  keywords  and  DTP  negotiation  does  not  resolve  the  encapsulation  format, 
ISL  is  the  selected  format.  The  no  form  of  the  command  resets  the  trunk  encapsulation  format  to  the 
default. 

•  The  no  form  of  the  encapsulation  command  resets  the  encapsulation  format  to  the  default. 
Native  VLANs: 

•  All  untagged  traffic  received  on  an  IEEE  802. 1Q  trunk  port  is  forwarded  with  the  native  VLAN 
configured  for  the  port. 

•  If  a  packet  has  a  VLAN  ID  that  is  the  same  as  the  sending-port  native  VLAN  ID,  the  packet  is  sent 
without  a  tag;  otherwise,  the  switch  sends  the  packet  with  a  tag. 

•  The  no  form  of  the  native  vlan  command  resets  the  native  mode  VLAN  to  the  appropriate  default 
VLAN  for  the  device. 

Allowed  VLAN: 

•  To  reduce  the  risk  of  spanning-tree  loops  or  storms,  you  can  disable  VLAN  1  on  any  individual 
VLAN  trunk  port  by  removing  VLAN  1  from  the  allowed  list.  When  you  remove  VLAN  1  from  a 
trunk  port,  the  interface  continues  to  send  and  receive  management  traffic,  for  example,  Cisco 
Discovery  Protocol  (CDP),  Port  Aggregation  Protocol  (PAgP),  Link  Aggregation  Control  Protocol 
(LACP),  Dynamic  Trunking  Protocol  (DTP),  and  VLAN  Trunking  Protocol  (VTP)  in  VLAN  1. 

•  The  no  form  of  the  allowed  vlan  command  resets  the  list  to  the  default  list,  which  allows  all  VLANs. 
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H     switchport  trunk 

Trunk  pruning: 

•  The  pruning-eligible  list  applies  only  to  trunk  ports. 

•  Each  trunk  port  has  its  own  eligibility  list. 

•  If  you  do  not  want  a  VLAN  to  be  pruned,  remove  it  from  the  pruning-eligible  list.  VLANs  that  are 
pruning-ineligible  receive  flooded  traffic. 

•  VLAN  1,  VLANs  1002  to  1005,  and  extended-range  VLANs  (VLANs  1006  to  4094)  cannot  be 
pruned. 


Examples  This  example  shows  how  to  cause  a  port  configured  as  a  switched  interface  to  encapsulate  in 

IEEE  802. 1Q  trunking  format  regardless  of  its  default  trunking  format  in  trunking  mode: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if) #  switchport  trunk  encapsulation  dotlq 

This  example  shows  how  to  configure  VLAN  3  as  the  default  for  the  port  to  send  all  untagged  traffic: 

Switch (config) #  interface  gigabitethernetO/2 
Switch (config-if ) #  switchport  trunk  native  vlan  3 

This  example  shows  how  to  add  VLANs  1,  2,  5,  and  6  to  the  allowed  list: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  switchport  trunk  allowed  vlan  add  1,2,5,6 

This  example  shows  how  to  remove  VLANs  3  and  10  to  15  from  the  pruning-eligible  list: 

Switch (config) #  interface  gigabitethernetO/2 

Switch (config-if ) #  switchport  trunk  pruning  vlan  remove  3,10-15 

You  can  verify  your  settings  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  switchport     Displays  the  administrative  and  operational  status  of  a  switching  port, 

including  port  blocking  and  port  protection  settings. 

switchport  mode  Configures  the  VLAN  membership  mode  of  a  port. 
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switchport  voice  vlan 

Use  the  switchport  voice  vlan  interface  configuration  command  to  configure  voice  VLAN  on  the  port. 
Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

switchport  voice  vlan  {vlan-id  I  dotlp  I  none  I  untagged} 

no  switchport  voice  vlan 


Syntax  Description      vlan-id  Specify  the  VLAN  to  be  used  for  voice  traffic.  The  range  is  1  to  4094.  By  default,  the 

IP  phone  forwards  the  voice  traffic  with  an  IEEE  802. 1Q  priority  of  5. 


dotlp 

Configure  the  telephone  to  use  IEEE  802.  lp  priority  tagging  and  uses  VLAN  0  (the 

native  VLAN).  By  default,  the  Cisco  IP  phone  forwards  the  voice  traffic  with  an 

IEEE  802.  lp  priority  of  5. 

none 

Do  not  instruct  the  IP  telephone  about  the  voice  VLAN.  The  telephone  uses  the 

configuration  from  the  telephone  key  pad. 

untagged 

Configure  the  telephone  to  send  untagged  voice  traffic.  This  is  the  default  for  the 

telephone. 

Defaults  The  switch  default  is  not  to  automatically  configure  the  telephone  (none). 

The  telephone  default  is  not  to  tag  frames. 


Command  Modes        Interface  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       You  should  configure  voice  VLAN  on  Layer  2  access  ports. 

You  must  enable  Cisco  Discovery  Protocol  (CDP)  on  the  switchport  connected  to  the  Cisco  IP  phone  for 
the  switch  to  send  configuration  information  to  the  phone.  CDP  is  enabled  by  default  globally  and  on  the 
interface. 

Before  you  enable  voice  VLAN,  we  recommend  that  you  enable  quality  of  service  (QoS)  on  the  switch 
by  entering  the  nils  qos  global  configuration  command  and  configure  the  port  trust  state  to  trust  by 
entering  the  mis  qos  trust  cos  interface  configuration  command. 

When  you  enter  a  VLAN  ID,  the  IP  phone  forwards  voice  traffic  in  IEEE  802. 1Q  frames,  tagged  with 
the  specified  VLAN  ID.  The  switch  puts  IEEE  802. 1Q  voice  traffic  in  the  voice  VLAN. 

When  you  select  dotlq,  none,  or  untagged,  the  switch  puts  the  indicated  voice  traffic  in  the  access 
VLAN. 

In  all  configurations,  the  voice  traffic  carries  a  Layer  2  IP  precedence  value.  The  default  is  5  for  voice 
traffic. 
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When  you  enable  port  security  on  an  interface  that  is  also  configured  with  a  voice  VLAN,  set  the 
maximum  allowed  secure  addresses  on  the  port  to  two.  When  the  port  is  connected  to  a  Cisco  IP  phone, 
the  IP  phone  requires  one  MAC  address.  The  Cisco  IP  phone  address  is  learned  on  the  voice  VLAN,  but 
is  not  learned  on  the  access  VLAN.  If  you  connect  a  single  PC  to  the  Cisco  IP  phone,  no  additional  MAC 
addresses  are  required.  If  you  connect  more  than  one  PC  to  the  Cisco  IP  phone,  you  must  configure 
enough  secure  addresses  to  allow  one  for  each  PC  and  one  for  the  Cisco  IP  phone. 

If  any  type  of  port  security  is  enabled  on  the  access  VLAN,  dynamic  port  security  is  automatically 
enabled  on  the  voice  VLAN. 

You  cannot  configure  static  secure  MAC  addresses  in  the  voice  VLAN. 

The  Port  Fast  feature  is  automatically  enabled  when  voice  VLAN  is  configured.  When  you  disable  voice 
VLAN,  the  Port  Fast  feature  is  not  automatically  disabled. 


Examples  This  example  shows  how  to  configure  VLAN  2  as  the  voice  VLAN  for  the  port: 

Switch (config) #  interface  gigabitethernetO/2 
Switch ( config-if ) #  switchport  voice  vlan  2 

You  can  verify  your  settings  by  entering  the  show  interfaces  interface-id  switchport  privileged  EXEC 
command. 


Related  Commands      Command  Description 

show  interfaces  interface-id  switchport     Displays  the  administrative  and  operational  status  of  a 

switching  port. 

switchport  priority  extend  Decides  how  the  device  connected  to  the  specified  port 

handles  priority  traffic  received  on  its  incoming  port. 
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system  env  temperature  threshold  yellow 

Use  the  system  env  temperature  threshold  yellow  global  configuration  command  to  configure  the 
difference  between  the  yellow  and  red  temperature  thresholds  which  determines  the  value  of  yellow 
threshold.  Use  the  no  form  of  this  command  to  return  to  the  default  value. 

system  env  temperature  threshold  yellow  value 

no  system  env  temperature  threshold  yellow  value 


Syntax  Description       value  Specify  the  difference  between  the  yellow  and  red  threshold  values  (in  Celsius).  The 

range  is  10  to  25.  The  default  value  is  10. 


Defaults  These  are  the  default  values: 

•  Green:  <  68 

•  Yellow:  68 

•  Red:  75 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  cannot  configure  the  green  and  red  thresholds  but  can  configure  the  yellow  threshold.  Use  the 
system  env  temperature  threshold  yellow  value  global  configuration  command  to  specify  the 
difference  between  the  yellow  and  red  thresholds  and  to  configure  the  yellow  threshold.  For  example,  if 
the  red  threshold  is  66  degrees  C  and  you  want  to  configure  the  yellow  threshold  as  51  degrees  C,  set  the 
difference  between  the  thresholds  as  15  by  using  the  system  env  temperature  threshold  yellow  15 
command. 

X   

Note      The  internal  temperature  sensor  in  the  switch  measures  the  internal  system  temperature  and  might  vary 
±5  degrees  C. 


Examples  This  example  sets  15  as  the  difference  between  the  yellow  and  red  thresholds: 

Switch (config) #  system  env  temperature  threshold  yellow  15 

Switch (config) # 
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Related  Commands      Command  Description 

show  env  temperature  status      Displays  the  temperature  status  and  threshold  levels. 
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system  mtu 


Use  the  system  mtu  global  configuration  command  to  set  the  maximum  packet  size  or  maximum 
transmission  unit  (MTU)  size  for  Gigabit  Ethernet  ports  or  for  10/100  ports.  Use  the  no  form  of  this 
command  to  restore  the  global  MTU  value  to  its  default  value. 

system  mtu  {bytes  I  jumbo  bytes} 

no  system  mtu 


Syntax  Description  bytes 


jumbo  bytes 


The  range  is  1500  to  1998  bytes.  This  is  the  maximum  MTU  received  at 
10/100-Mb/s  Ethernet  switch  ports. 

The  range  is  1500  to  9000  bytes.  This  is  the  maximum  MTU  received  at  the 
physical  port  for  Gigabit  Ethernet  ports. 


Defaults 


The  default  MTU  size  for  all  ports  is  1500  bytes. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


When  you  use  this  command  to  change  the  system  MTU  or  jumbo  MTU  size,  you  must  reset  the  switch 
before  the  new  configuration  takes  effect. 

Gigabit  Ethernet  ports  are  not  affected  by  the  system  mtu  command,  and  10/100-Mb/s  ports  are  not 
affected  by  the  system  mtu  jumbo  command. 

If  you  enter  a  value  that  is  outside  the  range  for  the  specific  type  of  switch,  the  value  is  not  accepted. 


Note 


The  switch  does  not  support  setting  the  MTU  on  a  per-interface  basis. 


The  size  of  frames  that  can  be  received  by  the  switch  CPU  is  limited  to  1998  bytes,  regardless  of  the 
value  entered  with  the  system  mtu  command.  Although  forwarded  or  routed  frames  are  usually  not 
received  by  the  CPU,  some  packets  (for  example,  control  traffic,  SNMP,  Telnet,  and  routing  protocols) 
are  sent  to  the  CPU. 

Because  the  switch  does  not  fragment  packets,  it  drops  switched  packets  larger  than  the  packet  size 
supported  on  the  egress  interface. 

For  example,  if  the  system  mtu  value  is  1998  bytes  and  the  system  mtu  jumbo  value  is  5000  bytes, 
packets  up  to  5000  bytes  can  be  received  on  interfaces  operating  at  1000  Mb/s.  However,  although  a 
packet  larger  than  1998  bytes  can  be  received  on  an  interface  operating  at  1000  Mb/s,  if  its  destination 
interface  is  operating  at  10  or  100  Mb/s,  the  packet  is  dropped. 
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Examples  This  example  shows  how  to  set  the  maximum  jumbo  packet  size  for  Gigabit  Ethernet  ports  to  1800  bytes: 

Switch (config) #  system  mtu  jumbo  1800 

Switch (config) #  exit 
Switch#  reload 

You  can  verify  your  setting  by  entering  the  show  system  mtu  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  system  mtu  Displays  the  packet  size  set  for  10/100  and  Gigabit 

Ethernet  ports. 
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test  cable-diagnostics  tdr 

Use  the  test  cable-diagnostics  tdr  privileged  EXEC  command  to  run  the  Time  Domain  Reflector  (TDR) 
feature  on  an  interface. 

test  cable-diagnostics  tdr  interface  interface-id 


Syntax  Description       interface-id  Specify  the  interface  on  which  to  run  TDR. 


Defaults  There  is  no  default. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       TDR  is  supported  only  on  10/100/1000  copper  Ethernet  ports.  It  is  not  supported  on  SFP  module  ports. 
For  more  information  about  TDR,  see  the  software  configuration  guide  for  this  release. 

After  you  run  TDR  by  using  the  test  cable-diagnostics  tdr  interface  interface-id  command,  use  the 
show  cable-diagnostics  tdr  interface  interface-id  privileged  EXEC  command  to  display  the  results. 


Examples  This  example  shows  how  to  run  TDR  on  an  interface: 

Switch)!  test  cable-diagnostics  tdr  interface  gigabitethernet0/2 

TDR  test  started  on  interface  GiO/2 

A  TDR  test  can  take  a  few  seconds  to  run  on  an  interface 
Use   'show  cable-diagnostics  tdr'   to  read  the  TDR  results. 

If  you  enter  the  test  cable-diagnostics  tdr  interface  interface-id  command  on  an  interface  that  has  a 
link  status  of  up  and  a  speed  of  10  or  100  Mb/s,  these  messages  appear: 

Switch#  test  cable-diagnostics  tdr  interface  gigabitethernetO/3 

TDR  test  on  GiO/9  will  affect  link  state  and  traffic 
TDR  test  started  on  interface  GiO/3 

A  TDR  test  can  take  a  few  seconds  to  run  on  an  interface 
Use   'show  cable-diagnostics  tdr'   to  read  the  TDR  results. 


Related  Commands      Command  Description 

show  cable-diagnostics  tdr        Displays  the  TDR  results. 
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traceroute  mac 


Use  the  traceroute  mac  privileged  EXEC  command  to  display  the  Layer  2  path  taken  by  the  packets 
from  the  specified  source  MAC  address  to  the  specified  destination  MAC  address. 

traceroute  mac  [interface  interface-id]  { source-mac-address}  [interface  interface-id] 
[destination-mac -address]  [vlan  vlan-id]  [detail] 


Syntax  Description 


interface  interface-id 
source-mac-address 


(Optional)  Specify  an  interface  on  the  source  or  destination  switch. 
Specify  the  MAC  address  of  the  source  switch  in  hexadecimal  format. 


destination-mac-address     Specify  the  MAC  address  of  the  destination  switch  in  hexadecimal  format. 


vlan  vlan-id 


detail 


(Optional)  Specify  the  VLAN  on  which  to  trace  the  Layer  2  path  that  the 
packets  take  from  the  source  switch  to  the  destination  switch.  Valid  VLAN 
IDs  are  1  to  4094. 

(Optional)  Specify  that  detailed  information  appears. 


Defaults 


There  is  no  default. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


For  Layer  2  traceroute  to  function  properly,  Cisco  Discovery  Protocol  (CDP)  must  be  enabled  on  all  the 
switches  in  the  network.  Do  not  disable  CDP. 

When  the  switch  detects  a  device  in  the  Layer  2  path  that  does  not  support  Layer  2  traceroute,  the  switch 
continues  to  send  Layer  2  trace  queries  and  lets  them  time  out. 

The  maximum  number  of  hops  identified  in  the  path  is  ten. 

Layer  2  traceroute  supports  only  unicast  traffic.  If  you  specify  a  multicast  source  or  destination  MAC 
address,  the  physical  path  is  not  identified,  and  an  error  message  appears. 

The  traceroute  mac  command  output  shows  the  Layer  2  path  when  the  specified  source  and  destination 
addresses  belong  to  the  same  VLAN.  If  you  specify  source  and  destination  addresses  that  belong  to 
different  VLANs,  the  Layer  2  path  is  not  identified,  and  an  error  message  appears. 

If  the  source  or  destination  MAC  address  belongs  to  multiple  VLANs,  you  must  specify  the  VLAN  to 
which  both  the  source  and  destination  MAC  addresses  belong.  If  the  VLAN  is  not  specified,  the  path  is 
not  identified,  and  an  error  message  appears. 

The  Layer  2  traceroute  feature  is  not  supported  when  multiple  devices  are  attached  to  one  port  through 
hubs  (for  example,  multiple  CDP  neighbors  are  detected  on  a  port).  When  more  than  one  CDP  neighbor 
is  detected  on  a  port,  the  Layer  2  path  is  not  identified,  and  an  error  message  appears. 

This  feature  is  not  supported  in  Token  Ring  VLANs. 
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Examples 


This  example  shows  how  to  display  the  Layer  2  path  by  specifying  the  source  and  destination  MAC 
addresses: 


Switch*  traceroute  mac  0000.0201.0601  0000.0201.0201 

Source  0000.0201.0601  found  on  con6 [WS-cgesm]  (2.2.6.6) 
con6    (2.2.6.6)    :GiO/l  =>  GiO/3 


con5  (2.2.5.5  )      :         GiO/3   =>  Gi0/1 

conl  (2.2.1.1  )      :         Gi0/1  =>  GiO/2 

con2  (2.2.2.2  )      :         GiO/2   =>  Gi0/1 


Destination  0000.0201.0201  found  on  con2 [WS-C3550-24 ]  (2.2.2.2) 
Layer  2  trace  completed 

This  example  shows  how  to  display  the  Layer  2  path  by  using  the  detail  keyword: 

Switch*  traceroute  mac  0000.0201.0601  0000.0201.0201  detail 

Source  0000.0201.0601  found  on  con6 [WS-cgesm]  (2.2.6.6) 
con6   /  WS-   /   2.2.6.6  : 

GiO/2    [auto,   auto]    =>  GiO/3    [auto,  auto] 
con5   /  WS-C2950G-24-EI   /   2.2.5.5  : 

FaO/3    [auto,   auto]   =>  Gi0/1    [auto,  auto] 
conl   /  WS-C3550-12G  /   2.2.1.1  : 

Gi0/1    [auto,   auto]   =>  GiO/2    [auto,  auto] 
con2   /  WS-C3550-24   /   2.2.2.2  : 

GiO/2    [auto,   auto]   =>  Fa0/1    [auto,  auto] 
Destination  0000.0201.0201  found  on  con2 [WS-C3550-24 ]  (2.2.2.2) 
Layer  2  trace  completed. 

This  example  shows  how  to  display  the  Layer  2  path  by  specifying  the  interfaces  on  the  source  and 
destination  switches: 

Switch*  traceroute  mac  interface  fastethernetO/1  0000.0201.0601  interface  f astethernetO/3 
0000.0201.0201 

Source  0000.0201.0601  found  on  con6 [WS-cgesm]  (2.2.6.6) 
con6    (2.2.6.6)    :Gi0/l  =>  GiO/3 

con5  (2.2.5.5  )      :         GiO/3   =>  Gi0/1 

conl  (2.2.1.1  )      :         Gi0/1  =>  GiO/2 

con2  (2.2.2.2  )      :         GiO/2   =>  Gi0/1 

Destination  0000.0201.0201  found  on  con2 [WS-C3550-24]  (2.2.2.2) 
Layer  2  trace  completed 

This  example  shows  the  Layer  2  path  when  the  switch  is  not  connected  to  the  source  switch: 

Switch*  traceroute  mac  0000.0201.0501  0000.0201.0201  detail 

Source  not  directly  connected,   tracing  source   

Source  0000.0201.0501  found  on  con5 [WS-cgesm]  (2.2.5.5) 
con5   /  WS-cgesm  /   2.2.5.5  : 

GiO/1    [auto,   auto]    =>  GiO/3    [auto,  auto] 
conl   /  WS-C3550-12G  /   2.2.1.1  : 

Gi0/1    [auto,   auto]    =>  GiO/2    [auto,  auto] 
con2   /  WS-C3550-24   /   2.2.2.2  : 

GiO/2    [auto,   auto]   =>  Fa0/1    [auto,  auto] 
Destination  0000.0201.0201  found  on  con2 [WS-C3550-24 ]  (2.2.2.2) 
Layer  2  trace  completed. 

This  example  shows  the  Layer  2  path  when  the  switch  cannot  find  the  destination  port  for  the  source 
MAC  address: 

Switch*  traceroute  mac  0000.0011.1111  0000.0201.0201 

Error: Source  Mac  address  not  found. 
Layer2  trace  aborted. 
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This  example  shows  the  Layer  2  path  when  the  source  and  destination  devices  are  in  different  VLANs: 

Switch*  traceroute  mac  0000.0201.0601  0000.0301.0201 

Error: Source  and  destination  macs  are  on  different  vlans . 
Layer2  trace  aborted. 

This  example  shows  the  Layer  2  path  when  the  destination  MAC  address  is  a  multicast  address: 

Switch*  traceroute  mac  0000.0201.0601  0100.0201.0201 

Invalid  destination  mac  address 

This  example  shows  the  Layer  2  path  when  source  and  destination  switches  belong  to  multiple  VLANs: 

Switch*  traceroute  mac  0000.0201.0601  0000.0201.0201 

Error: Mac  found  on  multiple  vlans. 
Layer2  trace  aborted. 


traceroute  mac  ip      Displays  the  Layer  2  path  taken  by  the  packets  from  the  specified  source  IP 
address  or  hostname  to  the  specified  destination  IP  address  or  hostname. 


Related  Commands 


Command 


Description 
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traceroute  mac  ip 

Use  the  traceroute  mac  ip  privileged  EXEC  command  to  display  the  Layer  2  path  taken  by  the  packets 
from  the  specified  source  IP  address  or  hostname  to  the  specified  destination  IP  address  or  hostname. 

traceroute  mac  ip  {source-ip-address  I  source-hostname}  {destination-ip-address  I 
destination-hostname)  [detail] 


Syntax  Description       source-ip-address  Specify  the  IP  address  of  the  source  switch  as  a  32-bit  quantity  in 

dotted-decimal  format. 


destination-ip-address 

Specify  the  IP  address  of  the  destination  switch  as  a  32-bit  quantity  in 

dotted-decimal  format. 

source-hostname 

Specify  the  IP  hostname  of  the  source  switch. 

destination-hostname 

Specify  the  IP  hostname  of  the  destination  switch. 

detail 

(Optional)  Specify  that  detailed  information  appears. 

Defaults  There  is  no  default. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        For  Layer  2  traceroute  to  function  properly,  Cisco  Discovery  Protocol  (CDP)  must  be  enabled  on  all  the 
switches  in  the  network.  Do  not  disable  CDP. 

When  the  switch  detects  an  device  in  the  Layer  2  path  that  does  not  support  Layer  2  traceroute,  the  switch 
continues  to  send  Layer  2  trace  queries  and  lets  them  time  out. 

The  maximum  number  of  hops  identified  in  the  path  is  ten. 

The  traceroute  mac  ip  command  output  shows  the  Layer  2  path  when  the  specified  source  and 
destination  IP  addresses  are  in  the  same  subnet.  When  you  specify  the  IP  addresses,  the  switch  uses 
Address  Resolution  Protocol  (ARP)  to  associate  the  IP  addresses  with  the  corresponding  MAC  addresses 
and  the  VLAN  IDs. 

•  If  an  ARP  entry  exists  for  the  specified  IP  address,  the  switch  uses  the  associated  MAC  address  and 
identifies  the  physical  path. 

•  If  an  ARP  entry  does  not  exist,  the  switch  sends  an  ARP  query  and  tries  to  resolve  the  IP  address. 
The  IP  addresses  must  be  in  the  same  subnet.  If  the  IP  address  is  not  resolved,  the  path  is  not 
identified,  and  an  error  message  appears. 
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The  Layer  2  traceroute  feature  is  not  supported  when  multiple  devices  are  attached  to  one  port  through 
hubs  (for  example,  multiple  CDP  neighbors  are  detected  on  a  port).  When  more  than  one  CDP  neighbor 
is  detected  on  a  port,  the  Layer  2  path  is  not  identified,  and  an  error  message  appears. 

This  feature  is  not  supported  in  Token  Ring  VLANs. 


Examples  This  example  shows  how  to  display  the  Layer  2  path  by  specifying  the  source  and  destination  IP 

addresses  and  by  using  the  detail  keyword: 

Switch*  traceroute  mac  ip  2.2.66.66  2.2.22.22  detail 

Translating  IP  to  mac   

2.2.66.66  =>  0000.0201.0601 
2.2.22.22   =>  0000.0201.0201 

Source  0000.0201.0601   found  on  con6 [WS-C2950G-24-EI]  (2.2.6.6) 
con6  /  WS-cgesm  /  2.2.6.6  : 

Gi0/1    [auto,   auto]   =>  GiO/3    [auto,  auto] 
con5   /  WS-C2950G-24-EI   /   2.2.5.5  : 

FaO/3    [auto,   auto]   =>  Gi0/1    [auto,  auto] 
conl   /  WS-C3550-12G  /   2.2.1.1  : 

Gi0/1    [auto,   auto]   =>  GiO/2    [auto,  auto] 
con2   /  WS-C3550-24   /   2.2.2.2  : 

GiO/2    [auto,   auto]    =>  Fa0/1    [auto,  auto] 
Destination  0000.0201.0201  found  on  con2 [WS-C3550-24 ]  (2.2.2.2) 
Layer  2  trace  completed. 

This  example  shows  how  to  display  the  Layer  2  path  by  specifying  the  source  and  destination  hostnames: 

Switch#  traceroute  mac  ip  con6  con2 

Translating  IP  to  mac   

2.2.66.66  =>  0000.0201.0601 
2.2.22.22   =>  0000.0201.0201 

Source  0000.0201.0601  found  on  con6 
con6    (2.2.6.6)    :Gi0/l  =>  GiO/3 
con5  (2.2.5.5  ) 

conl  (2.2.1.1  ) 

con2  (2.2.2.2  ) 

Destination  0000.0201.0201  found  on  con2 
Layer  2  trace  completed 

This  example  shows  the  Layer  2  path  when  ARP  cannot  associate  the  source  IP  address  with  the 
corresponding  MAC  address: 

Switch#  traceroute  mac  ip  2.2.66.66  2.2.77.77 

Arp  failed  for  destination  2.2.77.77. 
Layer2  trace  aborted. 


Related  Commands      Command  Description 

traceroute  mac         Displays  the  Layer  2  path  taken  by  the  packets  from  the  specified  source  MAC 
address  to  the  specified  destination  MAC  address. 


GiO/3  =>  Gi0/1 
Gi0/1  =>  GiO/2 
GiO/2  =>  Fa0/1 
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trust  ■ 


trust 


Use  the  trust  policy-map  class  configuration  command  to  define  a  trust  state  for  traffic  classified 
through  the  class  policy-map  configuration  or  the  class-map  global  configuration  command.  Use  the  no 
form  of  this  command  to  return  to  the  default  setting. 

trust  [cos  I  dscp  I  ip-precedence] 

no  trust  [cos  I  dscp  I  ip-precedence] 


Syntax  Description  cos 


dscp 


ip-precedence 


(Optional)  Classify  an  ingress  packet  by  using  the  packet  class  of  service  (CoS) 
value.  For  an  untagged  packet,  the  port  default  CoS  value  is  used. 

(Optional)  Classify  an  ingress  packet  by  using  the  packet  Differentiated  Services 
Code  Point  (DSCP)  values  (most  significant  6  bits  of  8-bit  service-type  field).  For 
a  non-IP  packet,  the  packet  CoS  value  is  used  if  the  packet  is  tagged.  If  the  packet 
is  untagged,  the  default  port  CoS  value  is  used  to  map  CoS  to  DSCP. 

(Optional)  Classify  an  ingress  packet  by  using  the  packet  IP-precedence  value 
(most  significant  3  bits  of  8-bit  service-type  field).  For  a  non-IP  packet,  the  packet 
CoS  value  is  used  if  the  packet  is  tagged.  If  the  packet  is  untagged,  the  port  default 
CoS  value  is  used  to  map  CoS  to  DSCP. 


Defaults 


The  action  is  not  trusted.  If  no  keyword  is  specified  when  the  command  is  entered,  the  default  is  dscp. 


Command  Modes 


Policy-map  class  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


Use  this  command  to  distinguish  the  quality  of  service  (QoS)  trust  behavior  for  certain  traffic  from  other 
traffic.  For  example,  incoming  traffic  with  certain  DSCP  values  can  be  trusted.  You  can  configure  a  class 
map  to  match  and  trust  the  DSCP  values  in  the  incoming  traffic. 

Trust  values  set  with  this  command  supersede  trust  values  set  with  the  mis  qos  trust  interface 
configuration  command. 

The  trust  command  is  mutually  exclusive  with  set  policy-map  class  configuration  command  within  the 
same  policy  map. 

If  you  specify  trust  cos,  QoS  uses  the  received  or  default  port  CoS  value  and  the  CoS-to-DSCP  map  to 
generate  a  DSCP  value  for  the  packet. 

If  you  specify  trust  dscp,  QoS  uses  the  DSCP  value  from  the  ingress  packet.  For  non-IP  packets  that  are 
tagged,  QoS  uses  the  received  CoS  value;  for  non-IP  packets  that  are  untagged,  QoS  uses  the  default  port 
CoS  value.  In  either  case,  the  DSCP  value  for  the  packet  is  derived  from  the  CoS-to-DSCP  map. 
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If  you  specify  trust  ip-precedence,  QoS  uses  the  IP  precedence  value  from  the  ingress  packet  and  the 
IP-precedence-to-DSCP  map.  For  non-IP  packets  that  are  tagged,  QoS  uses  the  received  CoS  value;  for 
non-IP  packets  that  are  untagged,  QoS  uses  the  default  port  CoS  value.  In  either  case,  the  DSCP  for  the 
packet  is  derived  from  the  CoS-to-DSCP  map. 

To  return  to  policy-map  configuration  mode,  use  the  exit  command.  To  return  to  privileged  EXEC  mode, 
use  the  end  command. 


Examples  This  example  shows  how  to  define  a  port  trust  state  to  trust  incoming  DSCP  values  for  traffic  classified 

with  class  1: 

Switch (config) #  policy-map  policyl 
Switch (conf ig-pmap) #  class  classl 
Switch (conf ig-pmap-c) #  trust  dscp 

Switch (conf ig-pmap-c) #  police  1000000  20000  exceed-action  policed-dscp-transmit 

Switch ( conf ig-pmap-c ) #  exit 

You  can  verify  your  settings  by  entering  the  show  policy-map  privileged  EXEC  command. 


Related  Commands      Command  Description 


class 

Defines  a  traffic  classification  match  criteria  (through  the  police,  set, 

and  trust  policy-map  class  configuration  commands)  for  the 

specified  class-map  name. 

police 

Defines  a  policer  for  classified  traffic. 

policy-map 

Creates  or  modifies  a  policy  map  that  can  be  attached  to  multiple 

ports  to  specify  a  service  policy. 

set 

Classifies  IP  traffic  by  setting  a  DSCP  or  IP-precedence  value  in  the 

packet. 

show  policy-map 

Displays  QoS  policy  maps. 
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udld 


Use  the  udld  global  configuration  command  to  enable  aggressive  or  normal  mode  in  the  UniDirectional 
Link  Detection  (UDLD)  and  to  set  the  configurable  message  timer  time.  Use  the  no  form  of  the  command 
to  disable  aggressive  or  normal  mode  UDLD  on  all  fiber-optic  ports. 

udld  {aggressive  I  enable  I  message  time  message-timer-interval} 

no  udld  {aggressive  I  enable  I  message} 


Syntax  Description  aggressive 


Enable  UDLD  in  aggressive  mode  on  all  fiber-optic  interfaces. 


enable 


Enable  UDLD  in  normal  mode  on  all  fiber-optic  interfaces. 


message  time 

message-timer-interval 


Configure  the  period  of  time  between  UDLD  probe  messages  on  ports  that 
are  in  the  advertisement  phase  and  are  determined  to  be  bidirectional.  The 
range  is  1  to  90  seconds. 


Defaults 


UDLD  is  disabled  on  all  interfaces. 
The  message  timer  is  set  at  60  seconds. 


Command  Modes 


Global  configuration 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


UDLD  supports  two  modes  of  operation:  normal  (the  default)  and  aggressive.  In  normal  mode,  UDLD 
detects  unidirectional  links  due  to  misconnected  interfaces  on  fiber-optic  connections.  In  aggressive 
mode,  UDLD  also  detects  unidirectional  links  due  to  one-way  traffic  on  fiber-optic  and  twisted-pair  links 
and  due  to  misconnected  interfaces  on  fiber-optic  links.  For  information  about  normal  and  aggressive 
modes,  see  the  "Understanding  UDLD"  section  in  the  software  configuration  guide  for  this  release. 

If  you  change  the  message  time  between  probe  packets,  you  are  making  a  trade-off  between  the  detection 
speed  and  the  CPU  load.  By  decreasing  the  time,  you  can  make  the  detection-response  faster  but  increase 
the  load  on  the  CPU. 

This  command  affects  fiber-optic  interfaces  only.  Use  the  udld  interface  configuration  command  to 
enable  UDLD  on  other  interface  types. 

You  can  use  these  commands  to  reset  an  interface  shut  down  by  UDLD: 

•  The  udld  reset  privileged  EXEC  command  to  reset  all  interfaces  shut  down  by  UDLD 

•  The  shutdown  and  no  shutdown  interface  configuration  commands 

•  The  no  udld  enable  global  configuration  command  followed  by  the  udld  {aggressive  I  enable} 
global  configuration  command  to  re-enable  UDLD  globally 
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•  The  no  udld  port  interface  configuration  command  followed  by  the  udld  port  or  udld  port 
aggressive  interface  configuration  command  to  re-enable  UDLD  on  the  specified  interface 

•  The  errdisable  recovery  cause  udld  and  errdisable  recovery  interval  interval  global 
configuration  commands  to  automatically  recover  from  the  UDLD  error-disabled  state 


Examples  This  example  shows  how  to  enable  UDLD  on  all  fiber-optic  interfaces: 

Switch (config) #  udld  enable 

You  can  verify  your  setting  by  entering  the  show  udld  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  udld 

Displays  UDLD  administrative  and  operational  status  for  all  ports 

or  the  specified  port. 

udld  port 

Enables  UDLD  on  an  individual  interface  or  prevents  a  fiber-optic 

interface  from  being  enabled  by  the  udld  global  configuration 

command. 

udld  reset 

Resets  all  interfaces  shut  down  by  UDLD  and  permits  traffic  to 

again  pass  through. 
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udld  port 


Use  the  udld  port  interface  configuration  command  to  enable  the  UniDirectional  Link  Detection 
(UDLD)  on  an  individual  interface  or  prevent  a  fiber-optic  interface  from  being  enabled  by  the  udld 
global  configuration  command.  Use  the  no  form  of  this  command  to  return  to  the  udld  global 
configuration  command  setting  or  to  disable  UDLD  if  entered  for  a  nonfiber-optic  port. 

udld  port  [aggressive] 

no  udld  port  [aggressive] 


Syntax  Description  aggressive 


Enable  UDLD  in  aggressive  mode  on  the  specified  interface. 


Defaults 


On  fiber-optic  interfaces,  UDLD  is  not  enabled,  not  in  aggressive  mode,  and  not  disabled.  For  this 
reason,  fiber-optic  interfaces  enable  UDLD  according  to  the  state  of  the  udld  enable  or  udld  aggressive 
global  configuration  command. 

On  nonfiber-optic  interfaces,  UDLD  is  disabled. 


Command  Modes 


Interface  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


A  UDLD-capable  port  cannot  detect  a  unidirectional  link  if  it  is  connected  to  a  UDLD-incapable  port  of 
another  switch. 

UDLD  supports  two  modes  of  operation:  normal  (the  default)  and  aggressive.  In  normal  mode,  UDLD 
detects  unidirectional  links  due  to  misconnected  interfaces  on  fiber-optic  connections.  In  aggressive 
mode,  UDLD  also  detects  unidirectional  links  due  to  one-way  traffic  on  fiber-optic  and  twisted-pair  links 
and  due  to  misconnected  interfaces  on  fiber-optic  links.  For  information  about  normal  and  aggressive 
modes,  see  the  "Configuring  UDLD"  chapter  in  the  software  configuration  guide  for  this  release. 

To  enable  UDLD  in  normal  mode,  use  the  udld  port  interface  configuration  command.  To  enable  UDLD 
in  aggressive  mode,  use  the  udld  port  aggressive  interface  configuration  command. 

Use  the  no  udld  port  command  on  fiber-optic  ports  to  return  control  of  UDLD  to  the  udld  enable  global 
configuration  command  or  to  disable  UDLD  on  nonfiber-optic  ports. 

Use  the  udld  port  aggressive  command  on  fiber-optic  ports  to  override  the  setting  of  the  udld  enable 
or  udld  aggressive  global  configuration  command.  Use  the  no  form  on  fiber-optic  ports  to  remove  this 
setting  and  to  return  control  of  UDLD  enabling  to  the  udld  global  configuration  command  or  to  disable 
UDLD  on  nonfiber-optic  ports. 
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udld  port 

You  can  use  these  commands  to  reset  an  interface  shut  down  by  UDLD: 

•  The  udld  reset  privileged  EXEC  command  to  reset  all  interfaces  shut  down  by  UDLD 

•  The  shutdown  and  no  shutdown  interface  configuration  commands 

•  The  no  udld  enable  global  configuration  command  followed  by  the  udld  {aggressive  I  enable} 

global  configuration  command  to  re-enable  UDLD  globally 

•  The  no  udld  port  interface  configuration  command  followed  by  the  udld  port  or  udld  port 
aggressive  interface  configuration  command  to  re-enable  UDLD  on  the  specified  interface 

•  The  errdisable  recovery  cause  udld  and  errdisable  recovery  interval  interval  global 
configuration  commands  to  automatically  recover  from  the  UDLD  error-disabled  state 


Examples  This  example  shows  how  to  enable  UDLD  on  an  port: 

Switch (config) #  interface  gigabitethernetO/1 

Switch ( config-if ) #  udld  port 

This  example  shows  how  to  disable  UDLD  on  a  fiber-optic  interface  despite  the  setting  of  the  udld 
global  configuration  command: 

Switch ( config) #  interface  gigabitethernetO/1 

Switch (config-if ) #  no  udld  port 

You  can  verify  your  settings  by  entering  the  show  running-config  or  the  show  udld  interface  privileged 
EXEC  command. 


Related  Commands      Command  Description 


show  running-config 

Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals  Command 

Reference,  Release  12.2  >  File  Management  Commands  > 

Configuration  File  Management  Commands. 

show  udld 

Displays  UDLD  administrative  and  operational  status  for  all  ports  or 

the  specified  port. 

udld 

Enables  aggressive  or  normal  mode  in  UDLD  or  sets  the  configurable 

message  timer  time. 

udld  reset 

Resets  all  interfaces  shut  down  by  UDLD  and  permits  traffic  to  again 

pass  through. 
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udld  reset 

Use  the  udld  reset  privileged  EXEC  command  to  reset  all  interfaces  disabled  by  the  UniDirectional  Link 
Detection  (UDLD)  and  permit  traffic  to  begin  passing  through  them  again  (though  other  features,  such 
as  spanning  tree,  Port  Aggregation  Protocol  (PAgP),  and  Dynamic  Trunking  Protocol  (DTP)  still  have 
their  normal  effects,  if  enabled). 

udld  reset 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        If  the  interface  configuration  is  still  enabled  for  UDLD,  these  ports  begin  to  run  UDLD  again  and  are 
disabled  for  the  same  reason  if  the  problem  has  not  been  corrected. 


Examples  This  example  shows  how  to  reset  all  interfaces  disabled  by  UDLD: 

Switch#  udld  reset 

1  ports  shutdown  by  UDLD  were  reset . 

You  can  verify  your  setting  by  entering  the  show  udld  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  running-config 

Displays  the  running  configuration  on  the  switch.  For  syntax 

information,  select  Cisco  IOS  Configuration  Fundamentals  Command 

Reference,  Release  12.2  >  File  Management  Commands  > 

Configuration  File  Management  Commands. 

show  udld 

Displays  UDLD  administrative  and  operational  status  for  all  ports  or 

the  specified  port. 

udld 

Enables  aggressive  or  normal  mode  in  UDLD  or  sets  the  configurable 

message  timer  time. 

udld  port 

Enables  UDLD  on  an  individual  interface  or  prevents  a  fiber-optic 

interface  from  being  enabled  by  the  udld  global  configuration 

command. 
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vlan  (global  configuration) 


Use  the  vlan  global  configuration  command  to  add  a  VLAN  and  to  enter  the  config-vlan  mode.  Use  the 
no  form  of  this  command  to  delete  the  VLAN.  Configuration  information  for  normal-range  VLANs 
(VLAN  IDs  1  to  1005)  is  always  saved  in  the  VLAN  database.  When  VLAN  Trunking  Protocol  (VTP) 
mode  is  transparent,  you  can  create  extended-range  VLANs  (VLAN  IDs  greater  than  1005),  and  the  VTP 
mode,  domain  name,  and  the  VLAN  configuration  are  saved  in  the  switch  running  configuration  file.  You 
can  save  configurations  in  the  switch  startup  configuration  file  by  entering  the  copy  running-config 
startup-config  privileged  EXEC  command. 

vlan  vlan-id 

no  vlan  vlan- 21/ 


Syntax  Description  vlan-id 


ID  of  the  VLAN  to  be  added  and  configured.  For  vlan-id,  the  range  is  1  to  4094.  You 
can  enter  a  single  VLAN  ID,  a  series  of  VLAN  IDs  separated  by  commas,  or  a  range 
of  VLAN  IDs  separated  by  hyphens. 


Defaults 


This  command  has  no  default  settings. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  must  use  the  vlan  vlan-id  global  configuration  command  to  add  extended-range  VLANs  (VLAN  IDs 
1006  to  4094).  Before  configuring  VLANs  in  the  extended  range,  you  must  use  the  vtp  transparent 
global  configuration  or  VLAN  configuration  command  to  put  the  switch  in  VTP  transparent  mode. 
Extended-range  VLANs  are  not  learned  by  VTP  and  are  not  added  to  the  VLAN  database,  but  when  VTP 
mode  is  transparent,  VTP  mode  and  domain  name  and  all  VLAN  configurations  are  saved  in  the  running 
configuration,  and  you  can  save  them  in  the  switch  startup  configuration  file. 

When  you  save  the  VLAN  and  VTP  configurations  in  the  startup  configuration  file  and  reboot  the  switch, 
the  configuration  is  selected  in  these  ways: 

•  If  both  the  VLAN  database  and  the  configuration  file  show  the  VTP  mode  as  transparent  and  the 
VTP  domain  names  match,  the  VLAN  database  is  ignored.  The  VTP  and  VLAN  configurations  in 
the  startup  configuration  file  are  used.  The  VLAN  database  revision  number  remains  unchanged  in 
the  VLAN  database. 

•  If  the  VTP  mode  is  server,  or  if  the  startup  VTP  mode  or  domain  names  do  not  match  the  VLAN 
database,  the  VTP  mode  and  the  VLAN  configuration  for  the  first  1005  VLANs  use  the  VLAN 
database  information. 

If  you  try  to  create  an  extended-range  VLAN  when  the  switch  is  not  in  VTP  transparent  mode,  the  VLAN 
is  rejected,  and  you  receive  an  error  message. 
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If  you  enter  an  invalid  VLAN  ID,  you  receive  an  error  message  and  do  not  enter  config-vlan  mode. 

Entering  the  vlan  command  with  a  VLAN  ID  enables  config-vlan  mode.  When  you  enter  the  VLAN  ID 
of  an  existing  VLAN,  you  do  not  create  a  new  VLAN,  but  you  can  modify  VLAN  parameters  for  that 
VLAN.  The  specified  VLANs  are  added  or  modified  when  you  exit  the  config-vlan  mode.  Only  the 
shutdown  command  (for  VLANs  1  to  1005)  takes  effect  immediately. 

These  configuration  commands  are  available  in  config-vlan  mode.  The  no  form  of  each  command  returns 
the  characteristic  to  its  default  state. 

X   

Note      Although  all  commands  are  visible,  the  only  VLAN  configuration  commands  that  are  supported  on 
extended-range  VLANs  are  mtu  mtu-size  and  remote-span.  For  extended-range  VLANs,  all  other 
characteristics  must  remain  at  the  default  state. 


•  are  are-number:  defines  the  maximum  number  of  all-routes  explorer  (ARE)  hops  for  this  VLAN. 
This  keyword  applies  only  to  TrCRF  VLANs. The  range  is  0  to  13.  The  default  is  7.  If  no  value  is 
entered,  0  is  assumed  to  be  the  maximum. 

•  backupcrf:  specifies  the  backup  CRF  mode.  This  keyword  applies  only  to  TrCRF  VLANs. 

-  enable  backup  CRF  mode  for  this  VLAN. 

-  disable  backup  CRF  mode  for  this  VLAN  (the  default). 

•  bridge  {bridge-number\  type}:  specifies  the  logical  distributed  source-routing  bridge,  the  bridge 
that  interconnects  all  logical  rings  having  this  VLAN  as  a  parent  VLAN  in  FDDI-NET,  Token 
Ring-NET,  and  TrBRF  VLANs.  The  range  is  0  to  15.  The  default  bridge  number  is  0  (no 
source-routing  bridge)  for  FDDI-NET,  TrBRF,  and  Token  Ring-NET  VLANs.  The  type  keyword 
applies  only  to  TrCRF  VLANs  and  is  one  of  these: 

-  srb  (source-route  bridging) 

-  srt  (source-route  transparent)  bridging  VLAN 

•  exit:  applies  changes,  increments  the  VLAN  database  revision  number  (VLANs  1  to  1005  only),  and 
exits  config-vlan  mode. 

•  media:  defines  the  VLAN  media  type.  See  Table  2-33  for  valid  commands  and  syntax  for  different 
media  types. 

X   

Note     The  switch  supports  only  Ethernet  ports.  You  configure  only  FDDI  and  Token  Ring 

media-specific  characteristics  for  VLAN  Trunking  Protocol  (VTP)  global  advertisements  to 

other  switches.  These  VLANs  are  locally  suspended. 

-  ethernet  is  Ethernet  media  type  (the  default). 

-  fddi  is  FDDI  media  type. 

-  fd-net  is  FDDI  network  entity  title  (NET)  media  type. 

-  tokenring  is  Token  Ring  media  type  if  the  VTP  v2  mode  is  disabled,  or  TrCRF  if  the  VTP 
Version  2  (v)  mode  is  enabled. 

-  tr-net  is  Token  Ring  network  entity  title  (NET)  media  type  if  the  VTP  v2  mode  is  disabled  or 
TrBRF  media  type  if  the  VTP  v2  mode  is  enabled. 

•  mtu  mtu-size:  specifies  the  maximum  transmission  unit  (MTU)  (packet  size  in  bytes).  The  range  is 
1500  to  18190.  The  default  is  1500  bytes. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  the  HP  p-Class  Blade  System  Command  Reference  Guide  ■ 


2-567 


M     vlan  (global  configuration) 


Chapter  2   CGESM  Switch  Cisco  IPS  Commands  | 


•  name  vlan-name:  names  the  VLAN  with  an  ASCII  string  from  1  to  32  characters  that  must  be  unique 
within  the  administrative  domain.  The  default  is  VLANxxxx  where  xxxx  represents  four  numeric 
digits  (including  leading  zeros)  equal  to  the  VLAN  ID  number. 

•  no:  negates  a  command  or  returns  it  to  the  default  setting. 

•  parent  parent-vlan-id:  specifies  the  parent  VLAN  of  an  existing  FDDI,  Token  Ring,  or  TrCRF 
VLAN.  This  parameter  identifies  the  TrBRF  to  which  a  TrCRF  belongs  and  is  required  when 
defining  a  TrCRF.  The  range  is  0  to  1005.  The  default  parent  VLAN  ID  is  0  (no  parent  VLAN)  for 
FDDI  and  Token  Ring  VLANs.  For  both  Token  Ring  and  TrCRF  VLANs,  the  parent  VLAN  ID  must 
already  exist  in  the  database  and  be  associated  with  a  Token  Ring-NET  or  TrBRF  VLAN. 

•  remote-span:  configure  the  VLAN  as  a  Remote  SPAN  (RSPAN)  VLAN.  When  the  RSPAN  feature 
is  added  to  an  existing  VLAN,  the  VLAN  is  first  deleted  and  is  then  recreated  with  the  RSPAN 
feature.  Any  access  ports  are  deactivated  until  the  RSPAN  feature  is  removed.  If  VTP  is  enabled,  the 
new  RSPAN  VLAN  is  propagated  by  VTP  for  VLAN-IDs  that  are  lower  than  1024.  Learning  is 
disabled  on  the  VLAN.  See  the  remote-span  command  for  more  information. 

•  ring  ring-number,  defines  the  logical  ring  for  an  FDDI,  Token  Ring,  or  TrCRF  VLAN.  The  range  is 
1  to  4095.  The  default  for  Token  Ring  VLANs  is  0.  For  FDDI  VLANs,  there  is  no  default. 

•  said  said-value:  specifies  the  security  association  identifier  (SAID)  as  documented  in  IEEE  802.10. 
The  range  is  1  to  4294967294,  and  the  number  must  be  unique  within  the  administrative  domain. 
The  default  value  is  100000  plus  the  VLAN  ID  number. 

•  shutdown:  shuts  down  VLAN  switching  on  the  VLAN.  This  command  takes  effect  immediately. 
Other  commands  take  effect  when  you  exit  config-vlan  mode. 

•  state:  specifies  the  VLAN  state: 

-  active  means  the  VLAN  is  operational  (the  default). 

-  suspend  means  the  VLAN  is  suspended.  Suspended  VLANs  do  not  pass  packets. 

•  ste  ste-number.  defines  the  maximum  number  of  spanning-tree  explorer  (STE)  hops.  This  keyword 
applies  only  to  TrCRF  VLANs.  The  range  is  0  to  13.  The  default  is  7. 

•  stp  type:  defines  the  spanning-tree  type  for  FDDI-NET,  Token  Ring-NET,  or  TrBRF  VLANs.  For 
FDDI-NET  VLANs,  the  default  STP  type  is  ieee.  For  Token  Ring-NET  VLANs,  the  default  STP 
type  is  ibm.  For  FDDI  and  Token  Ring  VLANs,  the  default  is  no  type  specified. 

-  ieee  for  IEEE  Ethernet  STP  running  source-route  transparent  (SRT)  bridging. 

-  ibm  for  IBM  STP  running  source-route  bridging  (SRB). 

-  auto  for  STP  running  a  combination  of  source-route  transparent  bridging  (IEEE)  and 
source-route  bridging  (IBM). 

•  tb-vlanl  tb-vlanl-id  and  tb-vlan2  tb-vlan2-id:  specifies  the  first  and  second  VLAN  to  which  this 
VLAN  is  translationally  bridged.  Translational  VLANs  translate  FDDI  or  Token  Ring  to  Ethernet, 
for  example.  The  range  is  0  to  1005.  If  no  value  is  specified,  0  (no  transitional  bridging)  is  assumed. 


Table  2-33  Valid  Commands  and  Syntax  for  Different  Media  Types 


Media  Type 

Valid  Syntax 

Ethernet 

name  vlan-name,  media  ethernet,  state  {suspend  1  active},  said  said-value,  mtu 
mtu-size,  remote-span,  tb-vlanl  tb-vlanl-id,  tb-vlan2  tb-vlan2-id 

FDDI 

name  vlan-name,  media  fddi,  state  {suspend  1  active},  said  said-value, 
mtu  mtu-size,  ring  ring-number,  parent  parent-vlan-id,  tb-vlanl  tb-vlanl-id, 
tb-vlan2  tb-vlan2-id 
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Table  2-33   Valid  Commands  and  Syntax  for  Different  Media  Types  (continued) 


Media  Type 

Valid  Syntax 

FDDI-NET 

name  vlan-name,  media  fd-net,  state  {suspend  1  active},  said  said-value,  mtu 
mtu-size,  bridge  bridge-number,  stp  type  {ieee  1  ibm  1  auto},  tb-vlanl  tb-vlanl-id, 
tb-vlan2  tb-vlan2-id 

If  VTP  v2  mode  is  disabled,  do  not  set  the  stp  type  to  auto. 

Token  Ring 

VTP  vl  mode  is  enabled. 

name  vlan-name,  media  tokenring,  state  {suspend  1  active},  said  said-value, 
mtu  mtu-size,  ring  ring-number,  parent  parent-vlan-id,  tb-vlanl  tb-vlanl-id, 
tb-vlan2  tb-vlan2-id 

Token  Ring 

VTP  v2  mode  is  enabled. 

concentrator 
relay  function 
(TrCRF) 

name  vlan-name,  media  tokenring,  state  {suspend  1  active},  said  said-value, 
mtu  mtu-size,  ring  ring-number,  parent  parent-vlan-id,  bridge  type  {srb  1  srt}, 
are  are-number,  ste  ste-number,  backupcrf  {enable  1  disable}, 
tb-vlanl  tb-vlanl-id,  tb-vlan2  tb-vlan2-id 

Token  Ring-NET 

VTP  vl  mode  is  enabled. 

name  vlan-name,  media  tr-net,  state  {suspend  1  active},  said  said-value, 

mtu  mtu-size,  bridge  bridge-number,  stp  type  {ieee  1  ibm},  tb-vlanl  tb-vlanl-id, 

tb-vlan2  tb-vlan2-id 

Token  Ring 
bridge  relay 
function  (TrBRF) 

VTP  v2  mode  is  enabled. 

name  vlan-name,  media  tr-net,  state  {suspend  1  active},  said  said-value, 
mtu  mtu-size,  bridge  bridge-number,  stp  type  {ieee  1  ibm  1  auto}, 
tb-vlanl  tb-vlanl-id,  tb-vlan2  tb-vlan2-id 

Table  2-34  describes  the  rules  for  configuring  VLANs. 
Table  2-34  VLAN  Configuration  Rules 


Configuration 

Rule 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  a  TrCRF  VLAN 

Specify  a  parent  VLAN  ID  of  a  TrBRF  that  already  exists  in  the 
database. 

media  type. 

Specify  a  ring  number.  Do  not  leave  this  field  blank. 

Specify  unique  ring  numbers  when  TrCRF  VLANs  have  the  same 
parent  VLAN  ID.  Only  one  backup  concentrator  relay  function 
(CRF)  can  be  enabled. 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  VLANs  other  than 
TrCRF  media  type. 

Do  not  specify  a  backup  CRF. 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  a  TrBRF  VLAN 
media  type. 

Specify  a  bridge  number.  Do  not  leave  this  field  blank. 
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Table  2-34   VLAN  Configuration  Rules  (continued) 


Configuration 

Rule 

VTP  vl  mode  is  enabled. 

No  VLAN  can  have  an  STP  type  set  to  auto. 

This  rule  applies  to  Ethernet,  FDDI,  FDDI-NET,  Token  Ring,  and 
Token  Ring-NET  VLANs. 

Add  a  VLAN  that  requires 
translational  bridging  (values  are 

The  translational  bridging  VLAN  IDs  that  are  used  must  already 
exist  in  the  database. 

not  set  to  zero). 

The  translational  bridging  VLAN  IDs  that  a  configuration  points 
to  must  also  contain  a  pointer  to  the  original  VLAN  in  one  of  the 
translational  bridging  parameters  (for  example,  Ethernet  points  to 
FDDI,  and  FDDI  points  to  Ethernet). 

The  translational  bridging  VLAN  IDs  that  a  configuration  points 
to  must  be  different  media  types  than  the  original  VLAN  (for 
example,  Ethernet  can  point  to  Token  Ring). 

If  both  translational  bridging  VLAN  IDs  are  configured,  these 
VLANs  must  be  different  media  types  (for  example,  Ethernet  can 
point  to  FDDI  and  Token  Ring). 

Examples  This  example  shows  how  to  add  an  Ethernet  VLAN  with  default  media  characteristics.  The  default 

includes  a  vlan-name  of  VLANxxx,  where  xxxx  represents  four  numeric  digits  (including  leading  zeros) 
equal  to  the  VLAN  ID  number.  The  default  media  option  is  ethernet;  the  state  option  is  active.  The 
default  said-value  variable  is  100000  plus  the  VLAN  ID;  the  mtu-size  variable  is  1500;  the  stp-type 
option  is  ieee.  When  you  enter  the  exit  config-vlan  configuration  command,  the  VLAN  is  added  if  it  did 
not  already  exist;  otherwise,  this  command  does  nothing. 

This  example  shows  how  to  create  a  new  VLAN  with  all  default  characteristics  and  enter  config-vlan 
mode: 

Switch(config) #  vlan  200 
Switch ( config-vlan) #  exit 
Switch (conf ig) # 

This  example  shows  how  to  create  a  new  extended-range  VLAN  with  all  the  default  characteristics,  to 
enter  config-vlan  mode,  and  to  save  the  new  VLAN  in  the  switch  startup  configuration  file: 

Switch (conf ig) #  vtp  mode  transparent 

Switch (conf ig) #  vlan  2000 

Switch ( config-vlan) #  end 

Switch#  copy  running-conf ig  startup  config 

You  can  verify  your  setting  by  entering  the  show  vlan  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  vlan  Displays  the  parameters  for  all  configured  VLANs  or  one  VLAN  (if  the 

VLAN  ID  or  name  is  specified)  in  the  administrative  domain. 

vlan  (VLAN  Configures  normal-range  VLANs  in  the  VLAN  database, 

configuration) 
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vlan  (VLAN  configuration) 

Use  the  vlan  VLAN  configuration  command  to  configure  VLAN  characteristics  for  a  normal-range 
VLAN  (VLAN  IDs  1  to  1005)  in  the  VLAN  database.  You  access  VLAN  configuration  mode  by  entering 
the  vlan  database  privileged  EXEC  command.  Use  the  no  form  of  this  command  without  additional 
parameters  to  delete  a  VLAN.  Use  the  no  form  with  parameters  to  change  its  configured  characteristics. 

vlan  vlan-id  [are  are-number]  [backupcrf  {enable  I  disable}]  [bridge  bridge-number  I 
type  [srb  I  srt}]  [media  {ethernet  I  fddi  I  fdi-net  I  tokenring  I  tr-net}]  [mtu  mtu-size] 
[name  vlan-name]  [parent  parent-vlan-id]  [ring  ring-number]  [said  said-value] 
[state  {suspend  I  active}]  [ste  ste-number]  [stp  type  {ieee  I  ibm  I  auto}] 
[tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

no  vlan  vlan-id  [are  are-number]  [backupcrf  {enable  I  disable}]  [bridge  bridge-number  I 
type  {srb  I  srt}]  [media  {ethernet  I  fddi  I  fdi-net  I  tokenring  I  tr-net}]  [mtu  mtu-size] 
[name  vlan-name]  [parent  parent-vlan-id]  [ring  ring-number]  [said  said-value] 
[state  {suspend  I  active}]  [ste  ste-number]  [stp  type  {ieee  I  ibm  I  auto}] 
[tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

Extended-range  VLANs  (with  VLAN  IDs  from  1006  to  4094)  cannot  be  added  or  modified  by  using 
these  commands.  To  add  extended-range  VLANs,  use  the  vlan  (global  configuration)  command  to  enter 
config-vlan  mode. 

X   

Note  The  switch  supports  only  Ethernet  ports.  You  configure  only  FDDI  and  Token  Ring  media-specific 
characteristics  for  VLAN  Trunking  Protocol  (VTP)  global  advertisements  to  other  switches.  These 
VLANs  are  locally  suspended. 


Syntax  Description       vlan-id  ID  of  the  configured  VLAN.  The  range  is  1  to  1005  and  must  be  unique 

within  the  administrative  domain.  Do  not  enter  leading  zeros. 

are  are-number  (Optional)  Specify  the  maximum  number  of  all-routes  explorer  (ARE) 

hops  for  this  VLAN.  This  keyword  applies  only  to  TrCRF  VLANs.  The 
range  is  0  to  13.  If  no  value  is  entered,  0  is  assumed  to  be  the  maximum. 

backupcrf  {enable  I  disable}  (Optional)  Specify  the  backup  CRF  mode.  This  keyword  applies  only 

to  TrCRF  VLANs. 

•  enable  backup  CRF  mode  for  this  VLAN. 

•  disable  backup  CRF  mode  for  this  VLAN. 

(Optional)  Specify  the  logical  distributed  source-routing  bridge,  the 
bridge  that  interconnects  all  logical  rings  having  this  VLAN  as  a  parent 
VLAN  in  FDDI-NET,  Token  Ring-NET,  and  TrBRF  VLANs. 

The  range  is  0  to  15. 

The  type  keyword  applies  only  to  TrCRF  VLANs  and  is  one  of  these: 

•  srb  (source-route  bridging) 

•  srt  (source-route  transparent)  bridging  VLAN 


bridge  bridge-numberl 
type  {srb  I  srt} 
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media  {ethernet  I  fddi  I 
fd-net  I  tokenring  I  tr-netj 


(Optional)  Specify  the  VLAN  media  type.  Table  2-35  lists  the  valid 
syntax  for  each  media  type. 

•  ethernet  is  Ethernet  media  type  (the  default). 

•  fddi  is  FDDI  media  type. 

•  fd-net  is  FDDI  network  entity  title  (NET)  media  type. 

•  tokenring  is  Token  Ring  media  type  if  the  VTP  v2  mode  is 
disabled,  or  TrCRF  if  the  VTP  v2  mode  is  enabled. 

•  tr-net  is  Token  Ring  network  entity  title  (NET)  media  type  if  the 
VTP  v2  mode  is  disabled  or  TrBRF  media  type  if  the  VTP  v2  mode 
is  enabled. 

mtu  mtu-size  (Optional)  Specify  the  maximum  transmission  unit  (MTU)  (packet  size 

in  bytes).  The  range  is  1500  to  18190. 

name  vlan-name  (Optional)  Specify  the  VLAN  name,  an  ASCII  string  from  1  to  32 

characters  that  must  be  unique  within  the  administrative  domain. 


parent  parent-vlan-id 

ring  ring-number 
said  said-value 

state  {suspend  I  active} 


(Optional)  Specify  the  parent  VLAN  of  an  existing  FDDI,  Token  Ring, 
or  TrCRF  VLAN.  This  parameter  identifies  the  TrBRF  to  which  a 
TrCRF  belongs  and  is  required  when  defining  a  TrCRF.  The  range  is  0 
to  1005. 

(Optional)  Specify  the  logical  ring  for  an  FDDI,  Token  Ring,  or  TrCRF 
VLAN.  The  range  is  1  to  4095. 

(Optional)  Enter  the  security  association  identifier  (SAID)  as 
documented  in  IEEE  802.10.  The  range  is  1  to  4294967294,  and  the 
number  must  be  unique  within  the  administrative  domain. 

(Optional)  Specify  the  VLAN  state: 

•  If  active,  the  VLAN  is  operational. 

•  If  suspend,  the  VLAN  is  suspended.  Suspended  VLANs  do  not 
pass  packets. 

ste  ste-number  (Optional)  Specify  the  maximum  number  of  spanning-tree  explorer 

(STE)  hops.  This  keyword  applies  only  to  TrCRF  VLANs.  The  range  is 
0tol3. 

(Optional)  Specify  the  spanning-tree  type  for  FDDI-NET,  Token 
Ring-NET,  or  TrBRF  VLAN. 

•  ieee  for  IEEE  Ethernet  STP  running  source-route  transparent 
(SRT)  bridging. 

•  ibm  for  IBM  STP  running  source-route  bridging  (SRB). 

•  auto  for  STP  running  a  combination  of  source-route  transparent 
bridging  (IEEE)  and  source-route  bridging  (IBM). 

(Optional)  Specify  the  first  and  second  VLAN  to  which  this  VLAN  is 
translationally  bridged.  Translational  VLANs  translate  FDDI  or  Token 
Ring  to  Ethernet,  for  example.  The  range  is  0  to  1005.  Zero  is  assumed 
if  no  value  is  specified. 


stp  type  {ieee  I  ibm  I  autoj 


tb-vlanl  tb-vlanl-id 
and  tb-vlan2  tb-vlan2-id 
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Table  2-35  shows  the  valid  syntax  options  for  different  media  types. 


Table  2-35  Valid  Syntax  for  Different  Media  Types 


Media  Type 

Valid  Syntax 

Ethernet 

vlan  vlan-id  [name  vlan-name]  media  ethernet  [state  [suspend  1  active}] 
[said  said-value]  [mtu  mtu-size]  [tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

FDDI 

vlan  vlan-id  [name  vlan-name]  media  fddi  [state  [suspend  1  active}] 
[said  said-value]  [mtu  mtu-size]  [ring  ring-number]  [parent  parent-vlan-id] 

llh_vl'»nl    tit   mIsivi  1    rV/1   TtH-vlatl'}  tit   if//-7c»9  7/71 

[iu  vitiiix  lu  vLLitii  Let]  Liu  vidii^  lu viaiiz.  ia\ 

rDDl-iNii  1 

vlan  vlan-id  [name  vlan-name]  media  fd-net  [state  [suspend  1  active}] 

[said  said-value]  [mtu  mtu-size]  [bridge  bridge-number] 

[stp  type  [ieee  1  ibm  1  auto}]  [tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

If  VTP  v2  mode  is  disabled,  do  not  set  the  stp  type  to  auto. 

Token  Ring 

VTP  vl  mode  is  enabled. 

vlan  vlan-id  [name  vlan-name]  media  tokenring  [state  {suspend  1  active}] 
[said  said-value]  [mtu  mtu-size]  [ring  ring-number]  [parent  parent-vlan-id] 
[tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

Token  Ring 

VTP  v2  mode  is  enabled. 

concentrator 
relay  function 
(TrCRF) 

vlan  vlan-id  [name  vlan-name]  media  tokenring  [state  {suspend  1  active}] 
[said  said-value]  [mtu  mtu-size]  [ring  ring-number]  [parent  parent-vlan-id] 
[bridge  type  [srb  1  srt}]  [are  are-number]  [ste  ste-number] 
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Token  Ring-NET 

VTP  vl  mode  is  enabled. 

vlan  vlan-id  [name  vlan-name]  media  tr-net  [state  {suspend  1  active}] 

[said  said-value]  [mtu  mtu-size]  [bridge  bridge-number] 

[stp  type  [ieee  1  ibm}]  [tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

Token  Ring 
bridge  relay 
function  (TrBRF) 

VTP  v2  mode  is  enabled. 

vlan  vlan-id  [name  vlan-name]  media  tr-net  [state  {suspend  1  active}] 

[said  said-value]  [mtu  mtu-size]  [bridge  bridge-number] 

[stp  type  [ieee  1  ibm  1  auto}]  [tb-vlanl  tb-vlanl-id]  [tb-vlan2  tb-vlan2-id] 

Table  2-36  describes  the  rules  for  configuring  VLANs. 
Table  2-36   VLAN  Configuration  Rules 


Configuration 

Rule 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  a  TrCRF  VLAN 
media  type. 

Specify  a  parent  VLAN  ID  of  a  TrBRF  that  already  exists  in  the 
database. 

Specify  a  ring  number.  Do  not  leave  this  field  blank. 

Specify  unique  ring  numbers  when  TrCRF  VLANs  have  the  same 
parent  VLAN  ID.  Only  one  backup  concentrator  relay  function 
(CRF)  can  be  enabled. 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  VLANs  other  than 
TrCRF  media  type. 

Do  not  specify  a  backup  CRF. 
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Table  2-36   VLAN  Configuration  Rules  (continued) 


Configuration 

Rule 

VTP  v2  mode  is  enabled,  and  you 
are  configuring  a  TrBRF  VLAN 
media  type. 

Specify  a  bridge  number.  Do  not  leave  this  field  blank. 

VTP  vl  mode  is  enabled. 

No  VLAN  can  have  an  STP  type  set  to  auto. 

This  rule  applies  to  Ethernet,  FDDI,  FDDI-NET,  Token  Ring,  and 
Token  Ring-NET  VLANs. 

Add  a  VLAN  that  requires 
translational  bridging  (values  are 

The  translational  bridging  VLAN  IDs  that  are  used  must  already 
exist  in  the  database. 

not  set  to  zero). 

The  translational  bridging  VLAN  IDs  that  a  configuration  points 
to  must  also  contain  a  pointer  to  the  original  VLAN  in  one  of  the 
translational  bridging  parameters  (for  example,  Ethernet  points  to 
FDDI,  and  FDDI  points  to  Ethernet). 

The  translational  bridging  VLAN  IDs  that  a  configuration  points 
to  must  be  different  media  types  than  the  original  VLAN  (for 
example,  Ethernet  can  point  to  Token  Ring). 

If  both  translational  bridging  VLAN  IDs  are  configured,  these 
VLANs  must  be  different  media  types  (for  example,  Ethernet  can 
point  to  FDDI  and  Token  Ring). 

Defaults  The  ARE  value  is  7. 

Backup  CRF  is  disabled. 

The  bridge  number  is  0  (no  source-routing  bridge)  for  FDDI-NET,  TrBRF,  and  Token  Ring-NET 
VLANs. 

The  media  type  is  ethernet. 

The  default  mtu  size  is  1500  bytes. 

The  vlan-name  variable  is  VLANxxxx,  where  xxxx  represents  four  numeric  digits  (including  leading 
zeros)  equal  to  the  VLAN  ID  number. 

The  parent  VLAN  ID  is  0  (no  parent  VLAN)  for  FDDI  and  Token  Ring  VLANs.  For  TrCRF  VLANs, 
you  must  specify  a  parent  VLAN  ID.  For  both  Token  Ring  and  TrCRF  VLANs,  the  parent  VLAN  ID 
must  already  exist  in  the  database  and  be  associated  with  a  Token  Ring-NET  or  TrBRF  VLAN. 

The  ring  number  for  Token  Ring  VLANs  is  0.  For  FDDI  VLANs,  there  is  no  default. 

The  said  value  is  100000  plus  the  VLAN  ID. 

The  state  is  active. 

The  STE  value  is  7. 

The  STP  type  is  ieee  for  FDDI-NET  and  ibm  for  Token  Ring-NET  VLANs.  For  FDDI  and  Token  Ring 
VLANs,  the  default  is  no  type  specified. 

The  tb-vlanl-id  and  tb-vlan2-id  variables  are  zero  (no  translational  bridging). 
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Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  only  use  this  command  mode  for  configuring  normal-range  VLANs,  that  is,  VLAN  IDs  1 
to  1005. 

X   

Note      To  configure  extended-range  VLANs  (VLAN  IDs  1006  to  4094),  use  the  vlan  global  configuration 
command. 


VLAN  configuration  is  always  saved  in  the  VLAN  database.  If  VTP  mode  is  transparent,  it  is  also  saved 
in  the  switch  running  configuration  file,  along  with  the  VTP  mode  and  domain  name.  You  can  then  save 
it  in  the  switch  startup  configuration  file  by  using  the  copy  running-config  startup-config  privileged 
EXEC  command. 

When  you  save  VLAN  and  VTP  configuration  in  the  startup  configuration  file  and  reboot  the  switch,  the 
configuration  is  selected  in  these  ways: 

•  If  both  the  VLAN  database  and  the  configuration  file  show  the  VTP  mode  as  transparent  and  the 
VTP  domain  names  match,  the  VLAN  database  is  ignored.  The  VTP  and  VLAN  configurations  in 
the  startup  configuration  file  are  used.  The  VLAN  database  revision  number  remains  unchanged  in 
the  VLAN  database. 

•  If  the  VTP  mode  is  server,  or  if  the  startup  VTP  mode  or  domain  names  do  not  match  the  VLAN 
database,  the  VTP  mode  and  the  VLAN  configuration  for  the  first  1005  VLANs  use  VLAN  database 
information. 

The  following  are  the  results  of  using  the  no  vlan  commands: 

•  When  the  no  vlan  vlan-id  form  is  used,  the  VLAN  is  deleted.  Deleting  VLANs  automatically  resets 
to  zero  any  other  parent  VLANs  and  translational  bridging  parameters  that  see  the  deleted  VLAN. 

•  When  the  no  vlan  vlan-id  bridge  form  is  used,  the  VLAN  source-routing  bridge  number  returns  to 
the  default  (0).  The  vlan  vlan-id  bridge  command  is  used  only  for  FDDI-NET  and  Token  Ring-NET 
VLANs  and  is  ignored  in  other  VLAN  types. 

•  When  the  no  vlan  vlan-id  media  form  is  used,  the  media  type  returns  to  the  default  (ethernet). 
Changing  the  VLAN  media  type  (including  the  no  form)  resets  the  VLAN  MTU  to  the  default  MTU 
for  the  type  (unless  the  mtu  keyword  is  also  present  in  the  command).  It  also  resets  the  VLAN  parent 
and  translational  bridging  VLAN  to  the  default  (unless  the  parent,  tb-vlanl,  or  tb-vlan2  are  also 
present  in  the  command). 

•  When  the  no  vlan  vlan-id  mtu  form  is  used,  the  VLAN  MTU  returns  to  the  default  for  the  applicable 
VLAN  media  type.  You  can  also  modify  the  MTU  by  using  the  media  keyword. 

•  When  the  no  vlan  vlan-id  name  vlan-name  form  is  used,  the  VLAN  name  returns  to  the  default 
name  (VLANxxxx,  where  xxxx  represent  four  numeric  digits  [including  leading  zeros]  equal  to  the 
VLAN  ID  number). 

•  When  the  no  vlan  vlan-id  parent  form  is  used,  the  parent  VLAN  returns  to  the  default  (0).  The 
parent  VLAN  resets  to  the  default  if  the  parent  VLAN  is  deleted  or  if  the  media  keyword  changes 
the  VLAN  type  or  the  VLAN  type  of  the  parent  VLAN. 

•  When  the  no  vlan  vlan-id  ring  form  is  used,  the  VLAN  logical  ring  number  returns  to  the 
default  (0). 

•  When  the  no  vlan  vlan-id  said  form  is  used,  the  VLAN  SAID  returns  to  the  default  (100,000  plus 
the  VLAN  ID). 
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•  When  the  no  vlan  vlan-id  state  form  is  used,  the  VLAN  state  returns  to  the  default  (active). 

•  When  the  no  vlan  vlan-id  stp  type  form  is  used,  the  VLAN  spanning-tree  type  returns  to  the  default 
(ieee). 

•  When  the  no  vlan  vlan-id  tb-vlanl  or  no-id  tb-vlan2  form  is  used,  the  VLAN  translational  bridge 
VLAN  (or  VLANs,  if  applicable)  returns  to  the  default  (0).  Translational  bridge  VLANs  must  be  a 
different  VLAN  type  than  the  affected  VLAN,  and  if  two  are  specified,  the  two  must  be  different 
VLAN  types  from  each  other.  A  translational  bridge  VLAN  resets  to  the  default  if  the  translational 
bridge  VLAN  is  deleted,  if  the  media  keyword  changes  the  VLAN  type,  or  if  the  media  keyword 
changes  the  VLAN  type  of  the  corresponding  translation  bridge  VLAN. 


Examples  This  example  shows  how  to  add  an  Ethernet  VLAN  with  default  media  characteristics.  The  default 

includes  a  vlan-name  of  VLANxxx,  where  xxxx  represents  four  numeric  digits  (including  leading  zeros) 
equal  to  the  VLAN  ID  number.  The  default  media  option  is  ethernet;  the  state  option  is  active.  The 
default  said-value  variable  is  100000  plus  the  VLAN  ID;  the  mtu-size  variable  is  1500;  the  stp-type 
option  is  ieee.  When  you  enter  the  exit  or  apply  vlan  configuration  command,  the  VLAN  is  added  if  it 
did  not  already  exist;  otherwise,  this  command  does  nothing. 

Switch (vlan) #  vlan  2 
VLAN  2  added: 

Name:  VLAN0002 
Switch (vlan) #  exit 
APPLY  completed. 
Exiting .... 

This  example  shows  how  to  modify  an  existing  VLAN  by  changing  its  name  and  MTU  size: 

Switch (vlan) #  no  vlan  name  engineering  mtu  1200 

You  can  verify  your  settings  by  entering  the  show  vlan  privileged  EXEC  command. 


Related  Commands      Command  Description 

show  vlan  Displays  the  parameters  for  all  configured  VLANs  or  one  VLAN  (if  the  VLAN 

ID  or  name  is  specified)  in  the  administrative  domain. 

vlan  (global  Enters  config-vlan  mode  for  configuring  normal-range  and  extended-range 

configuration)  VLANs. 
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vlan  access-map 

Use  the  vlan  access-map  global  configuration  command  on  the  switch  to  create  or  modify  a  VLAN  map 
entry  for  VLAN  packet  filtering.  This  entry  changes  the  mode  to  the  VLAN  access-map  configuration. 
Use  the  no  form  of  this  command  to  delete  a  VLAN  map  entry.  Use  the  vlan  filter  interface 
configuration  command  to  apply  a  VLAN  map  to  one  or  more  VLANs. 

vlan  access-map  name  [number] 

no  vlan  access-map  name  [number] 


Syntax  Description      name  Name  of  the  VLAN  map. 

number  (Optional)  The  sequence  number  of  the  map  entry  that  you  want  to  create  or  modify  (0 

to  65535).  If  you  are  creating  a  VLAN  map  and  the  sequence  number  is  not  specified, 
it  is  automatically  assigned  in  increments  of  10,  starting  from  10.  This  number  is  the 
sequence  to  insert  to,  or  delete  from,  a  VLAN  access-map  entry. 


Defaults  There  are  no  VLAN  map  entries  and  no  VLAN  maps  applied  to  a  VLAN. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  In  global  configuration  mode,  use  this  command  to  create  or  modify  a  VLAN  map.  This  entry  changes 
the  mode  to  VLAN  access-map  configuration,  where  you  can  use  the  match  access-map  configuration 
command  to  specify  the  access  lists  for  IP  or  non-IP  traffic  to  match  and  use  the  action  command  to  set 
whether  a  match  causes  the  packet  to  be  forwarded  or  dropped. 

In  VLAN  access-map  configuration  mode,  these  commands  are  available: 

•  action:  sets  the  action  to  be  taken  (forward  or  drop). 

•  default:  sets  a  command  to  its  defaults 

•  exit:  exits  from  VLAN  access-map  configuration  mode 

•  match:  sets  the  values  to  match  (IP  address  or  MAC  address). 

•  no:  negates  a  command  or  set  its  defaults 

When  you  do  not  specify  an  entry  number  (sequence  number),  it  is  added  to  the  end  of  the  map. 

In  global  configuration  mode,  use  the  vlan  filter  interface  configuration  command  to  apply  the  map  to 
one  or  more  VLANs. 

For  more  information  about  VLAN  map  entries,  see  the  software  configuration  guide  for  this  release. 
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Examples  This  example  shows  how  to  create  a  VLAN  map  named  vacl  and  apply  matching  conditions  and  actions 

to  it.  If  no  other  entries  already  exist  in  the  map,  this  will  be  entry  10. 

Switch ( config) #  vlan  access-map  vacl 

Switch (conf ig-access-map) #  match  ip  address  acll 

Switch (conf ig-access-map) #  action  forward 

This  example  shows  how  to  delete  VLAN  map  vacl: 

Switch (conf ig) #  no  vlan  access-map  vacl 


Related  Commands      Command  Description 


action 

Sets  the  action  for  the  VLAN  access  map  entry. 

match  (access-map  configuration) 

Sets  the  VLAN  map  to  match  packets  against  one  or  more  access 

lists. 

show  vlan  access-map 

Displays  information  about  a  particular  VLAN  access  map  or  all 

VLAN  access  maps. 

vlan  filter 

Applies  the  VLAN  access  map  to  one  or  more  VLANs. 
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vlan  database 


Use  the  vlan  database  privileged  EXEC  command  to  enter  VLAN  configuration  mode.  From  this  mode, 
you  can  add,  delete,  and  modify  VLAN  configurations  for  normal-range  VLANs  and  globally  propagate 
these  changes  by  using  the  VLAN  Trunking  Protocol  (VTP).  Configuration  information  is  saved  in  the 
VLAN  database. 

vlan  database 


X   

Note      VLAN  configuration  mode  is  only  valid  for  VLAN  IDs  1  to  1005. 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


No  default  is  defined. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines 


X 

Note 


You  can  use  the  VLAN  database  configuration  commands  to  configure  VLANs  1  to  1005.  To  configure 
extended-range  VLANs  (VLAN  IDs  1006  to  4094),  use  the  vlan  (global  configuration)  command  to 
enter  config-vlan  mode.  You  can  also  configure  VLAN  IDs  1  to  1005  by  using  the  vlan  global 
configuration  command. 

To  return  to  the  privileged  EXEC  mode  from  the  VLAN  configuration  mode,  enter  the  exit  command. 


This  command  mode  is  different  from  other  modes  because  it  is  session-oriented.  When  you  add,  delete, 
or  modify  VLAN  parameters,  the  changes  are  not  applied  until  you  exit  the  session  by  entering  the  apply 
or  exit  command.  When  the  changes  are  applied,  the  VTP  configuration  version  is  incremented.  You  can 
also  not  apply  the  changes  to  the  VTP  database  by  entering  abort. 


When  you  are  in  VLAN  configuration  mode,  you  can  access  the  VLAN  database  and  make  changes  by 
using  these  commands: 

•  vlan:  accesses  subcommands  to  add,  delete,  or  modify  values  associated  with  a  single  VLAN.  For 
more  information,  see  the  vlan  (VLAN  configuration)  command. 

•  vtp:  accesses  subcommands  to  perform  VTP  administrative  functions.  For  more  information,  see  the 
vtp  (VLAN  configuration)  command. 
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When  you  have  modified  VLAN  or  VTP  parameters,  you  can  use  these  editing  buffer  manipulation 
commands: 

•  abort:  exits  the  mode  without  applying  the  changes.  The  VLAN  configuration  that  was  running 
before  you  entered  VLAN  configuration  mode  continues  to  be  used. 

•  apply:  applies  current  changes  to  the  VLAN  database,  increments  the  database  configuration 
revision  number,  propagates  it  throughout  the  administrative  domain,  and  remains  in  VLAN 
configuration  mode. 

X   

Note     You  cannot  use  this  command  when  the  switch  is  in  VTP  client  mode. 


•  exit:  applies  all  configuration  changes  to  the  VLAN  database,  increments  the  database  configuration 
number,  propagates  it  throughout  the  administrative  domain,  and  returns  to  privileged  EXEC  mode. 

•  no:  negates  a  command  or  set  its  defaults;  valid  values  are  vlan  and  vtp. 

•  reset:  abandons  proposed  changes  to  the  VLAN  database,  resets  the  proposed  database  to  the 
implemented  VLAN  database  on  the  switch,  and  remains  in  VLAN  configuration  mode. 

•  show:  displays  VLAN  database  information. 

•  show  changes  [vlan-id]:  displays  the  differences  between  the  VLAN  database  on  the  switch  and  the 
proposed  VLAN  database  for  all  normal-range  VLAN  IDs  (1  to  1005)  or  the  specified  VLAN  ID  (1 
to  1005). 

•  show  current  [vlan-id]:  displays  the  VLAN  database  on  the  switch  or  on  a  selected  VLAN  (1  to 
1005). 

•  show  proposed  [vlan-id]:  displays  the  proposed  VLAN  database  or  a  selected  VLAN  (1  to  1005) 
from  the  proposed  database.  The  proposed  VLAN  database  is  not  the  running  configuration  until 
you  use  the  exit  or  apply  VLAN  configuration  command. 

You  can  verify  that  VLAN  database  changes  have  been  made  or  aborted  by  using  the  show  vlan 
privileged  EXEC  command.  This  output  is  different  from  the  show  VLAN  database  configuration 
command  output. 


Examples  This  example  shows  how  to  enter  the  VLAN  configuration  mode  from  the  privileged  EXEC  mode  and 

to  display  VLAN  database  information: 

Switch#  vlan  database 

Switch (vlan) #  show 
VLAN  ISL   Id:  1 
Name:  default 
Media  Type :  Ethernet 
VLAN  802.10   Id:  100001 
State:  Operational 
MTU :    15  00 

Translational  Bridged  VLAN:  1002 
Translational  Bridged  VLAN:  1003 

VLAN  ISL   Id:  2 
Name:  VLAN0002 
Media  Type :  Ethernet 
VLAN  802.10   Id:  100002 
State:  Operational 
MTU :  1500 
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VLAN  ISL   Id:  1002 
Name:  fddi-default 
Media  Type:  FDDI 
VLAN  802.10   Id:  101002 
State:  Operational 
MTU :    15  00 
Bridge  Type:  SRB 
Ring  Number :  0 

Translational  Bridged  VLAN :  1 
Translational  Bridged  VLAN:  1003 

<output  truncated> 

This  is  an  example  of  output  from  the  show  changes  command: 

Switch (vlan) #  show  changes 

DELETED : 

VLAN  ISL   Id:  4 
Name:  VLAN0004 
Media  Type:  Ethernet 
VLAN  802.10   Id:  100004 
State:  Operational 
MTU :    15  00 

MODIFIED: 

VLAN  ISL   Id:  7 

Current  State:  Operational 
Modified  State:  Suspended 

This  example  shows  how  to  display  the  differences  between  VLAN  7  in  the  current  database  and  the 
proposed  database. 

Switch (vlan) #  show  changes  7 

MODIFIED: 

VLAN  ISL   Id:  7 

Current  State:  Operational 
Modified  State:  Suspended 

This  is  an  example  of  output  from  the  show  current  20  command.  It  displays  only  VLAN  20  of  the 
current  database. 

Switch (vlan) #  show  current  20 

VLAN  ISL  Id:    2  0 

Name:   VLAN002  0 
Media  Type :  Ethernet 
VLAN  802.10   Id:  100020 
State:  Operational 
MTU :    15  00 


Related  Commands      Command  Description 


show  vlan 

Displays  the  parameters  for  all  configured  VLANs  in  the  administrative 

domain. 

shutdown  vlan 

Shuts  down  (suspends)  local  traffic  on  the  specified  VLAN. 

vlan  (global 

Enters  config-vlan  mode  for  configuring  normal-range  and  extended-range 

configuration) 

VLANs. 
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Use  the  vlan  filter  global  configuration  command  on  the  switch  to  apply  a  VLAN  map  to  one  or  more 
VLANs.  Use  the  no  form  of  this  command  to  remove  the  map. 

vlan  filter  mapname  vlan-list  [list  I  all} 

no  vlan  filter  mapname  vlan-list  [list  I  all} 


Syntax  Description  mapname 


Name  of  the  VLAN  map  entry. 


list  The  list  of  one  or  more  VLANs  in  the  form  tt,  uu-vv,  xx,  yy-zz,  where  spaces 

around  commas  and  dashes  are  optional.  The  range  is  1  to  4094. 


all 


Remove  the  filter  from  all  VLANs. 


Defaults 


There  are  no  VLAN  filters. 


Command  Modes        Global  configuration 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


To  avoid  accidentally  dropping  too  many  packets  and  disabling  connectivity  in  the  middle  of  the 
configuration  process,  we  recommend  that  you  completely  define  the  VLAN  access  map  before  applying 
it  to  a  VLAN. 

For  more  information  about  VLAN  map  entries,  see  the  software  configuration  guide  for  this  release. 


Examples 


This  example  applies  VLAN  map  entry  mapl  to  VLANs  20  and  30: 

Switch (config) #  vlan  filter  mapl  vlan-list  20,  30 

This  example  shows  how  to  delete  VLAN  map  entry  macl  from  VLAN  20: 

Switch (config) #  no  vlan  filter  mapl  vlan-list  20 

You  can  verify  your  settings  by  entering  the  show  vlan  filter  privileged  EXEC  command. 
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Related  Commands      Command  Description 


show  vlan  access-map 

Displays  information  about  a  particular  VLAN  access  map  or  all  VLAN 

access  maps. 

show  vlan  filter 

Displays  information  about  all  VLAN  filters  or  about  a  particular  VLAN 

or  VLAN  access  map. 

vlan  access-map 

Creates  a  VLAN  map  entry  for  VLAN  packet  filtering. 
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vmps  reconfirm  (privileged  EXEC) 

Use  the  vmps  reconfirm  privileged  EXEC  command  to  immediately  send  VLAN  Query  Protocol  (VQP) 
queries  to  reconfirm  all  dynamic  VLAN  assignments  with  the  VLAN  Membership  Policy  Server 
(VMPS). 

vmps  reconfirm 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  No  default  is  defined. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Examples  This  example  shows  how  to  immediately  send  VQP  queries  to  the  VMPS: 

Switch#  vmps  reconfirm 

You  can  verify  your  setting  by  entering  the  show  vmps  privileged  EXEC  command  and  examining  the 
VMPS  Action  row  of  the  Reconfirmation  Status  section.  The  show  vmps  command  shows  the  result  of 
the  last  time  the  assignments  were  reconfirmed  either  because  the  reconfirmation  timer  expired  or 
because  the  vmps  reconfirm  command  was  entered. 


Related  Commands      Command  Description 


show  vmps 

Displays  VQP  and  VMPS  information. 

vmps  reconfirm  (global 
configuration) 

Changes  the  reconfirmation  interval  for  the  VQP  client. 
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vmps  reconfirm  (global  configuration) 


Use  the  vmps  reconfirm  global  configuration  command  to  change  the  reconfirmation  interval  for  the 
VLAN  Query  Protocol  (VQP)  client.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

vmps  reconfirm  interval 

no  vmps  reconfirm 


Syntax  Description 


interval 


Reconfirmation  interval  for  VQP  client  queries  to  the  VLAN  Membership  Policy 
Server  (VMPS)  to  reconfirm  dynamic  VLAN  assignments.  The  range  is  1  to  120 
minutes. 


Defaults 


The  default  reconfirmation  interval  is  60  minutes. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  set  the  VQP  client  to  reconfirm  dynamic  VLAN  entries  every  20  minutes: 

Switch (config) #  vmps  reconfirm  20 

You  can  verify  your  setting  by  entering  the  show  vmps  privileged  EXEC  command  and  examining 
information  in  the  Reconfirm  Interval  row. 


Related  Commands  Command 


Description 


show  vmps 


Displays  VQP  and  VMPS  information. 


vmps  reconfirm  (privileged  EXEC)  Sends  VQP  queries  to  reconfirm  all  dynamic  VLAN 

assignments  with  the  VMPS. 
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vmps  retry 


Use  the  vmps  retry  global  configuration  command  to  configure  the  per-server  retry  count  for  the  VLAN 
Query  Protocol  (VQP)  client.  Use  the  no  form  of  this  command  to  return  to  the  default  setting. 

vmps  retry  count 

no  vmps  retry 


Syntax  Description 


count  Number  of  attempts  to  contact  the  VLAN  Membership  Policy  Server  (VMPS)  by  the 

client  before  querying  the  next  server  in  the  list.  The  range  is  1  to  10. 


Defaults 


The  default  retry  count  is  3. 


Command  Modes        Global  configuration 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Examples 


This  example  shows  how  to  set  the  retry  count  to  7: 

Switch ( config) #  vmps  retry  7 

You  can  verify  your  setting  by  entering  the  show  vmps  privileged  EXEC  command  and  examining 
information  in  the  Server  Retry  Count  row. 


Related  Commands  Command 


Description 


show  vmps 


Displays  VQP  and  VMPS  information. 
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vmps  server 

Use  the  vmps  server  global  configuration  command  to  configure  the  primary  VLAN  Membership  Policy 
Server  (VMPS)  and  up  to  three  secondary  servers.  Use  the  no  form  of  this  command  to  remove  a  VMPS 
server. 

vmps  server  ipaddress  [primary] 
no  vmps  server  [ipaddress] 


Syntax  Description       ipaddress  IP  address  or  hostname  of  the  primary  or  secondary  VMPS  servers.  If  you  specify  a 

hostname,  the  Domain  Name  System  (DNS)  server  must  be  configured. 

primary  (Optional)  Decides  whether  primary  or  secondary  VMPS  servers  are  being 

configured. 


Defaults  No  primary  or  secondary  VMPS  servers  are  defined. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        The  first  server  entered  is  automatically  selected  as  the  primary  server  whether  or  not  primary  is 

entered.  The  first  server  address  can  be  overridden  by  using  primary  in  a  subsequent  command. 

If  a  member  switch  in  a  cluster  configuration  does  not  have  an  IP  address,  the  cluster  does  not  use  the 
VMPS  server  configured  for  that  member  switch.  Instead,  the  cluster  uses  the  VMPS  server  on  the 
command  switch,  and  the  command  switch  proxies  the  VMPS  requests.  The  VMPS  server  treats  the 
cluster  as  a  single  switch  and  uses  the  IP  address  of  the  command  switch  to  respond  to  requests. 

When  using  the  no  form  without  specifying  the  ipaddress,  all  configured  servers  are  deleted.  If  you 
delete  all  servers  when  dynamic-access  ports  are  present,  the  switch  cannot  forward  packets  from  new 
sources  on  these  ports  because  it  cannot  query  the  VMPS. 


Examples  This  example  shows  how  to  configure  the  server  with  IP  address  191.10.49.20  as  the  primary  VMPS 

server.  The  servers  with  IP  addresses  191.10.49.21  and  191.10.49.22  are  configured  as  secondary 
servers: 

Switch(config) #  vmps  server  191.10.49.20  primary 
Switch (config) #  vmps  server  191.10.49.21 
Switch (config) #  vmps  server  191.10.49.22 

This  example  shows  how  to  delete  the  server  with  IP  address  191.10.49.21: 

Switch (config) #  no  vmps  server  191.10.49.21 
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You  can  verify  your  setting  by  entering  the  show  vmps  privileged  EXEC  command  and  examining 
information  in  the  VMPS  Domain  Server  row. 


Related  Commands      Command  Description 


show  vmps  Displays  VQP  and  VMPS  information. 
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vtp  (global  configuration) 

Use  the  vtp  global  configuration  command  to  set  or  modify  the  VLAN  Trunking  Protocol  (VTP) 
configuration  characteristics.  Use  the  no  form  of  this  command  to  remove  the  settings  or  to  return  to  the 
default  settings. 

vtp  {domain  domain-name  I  file  filename  I  interface  name  [only]  I  mode  {client  I  server  I 
transparent}  I  password  password  I  pruning  I  version  number} 

no  vtp  {file  I  interface  I  mode  I  password  I  pruning  I  version} 


Syntax  Description       domain  domain-name     Specify  the  VTP  domain  name,  an  ASCII  string  from  1  to  32  characters  that 

identifies  the  VTP  administrative  domain  for  the  switch.  The  domain  name 
is  case  sensitive. 


file  filename 

Specify  the  Cisco  IOS  file  system  file  where  the  VTP  VLAN  configuration 

is  stored. 

interface  name 

Specify  the  name  of  the  interface  providing  the  VTP  ID  updated  for  this 

device. 

only 

(Optional)  Use  only  the  IP  address  of  this  interface  as  the  VTP  IP  updater. 

mode 

Specify  the  VTP  device  mode  as  client,  server,  or  transparent. 

client  Place  the  switch  in  VTP  client  mode.  A  switch  in  VTP  client  mode  is  enabled 


for  VTP,  and  can  send  advertisements,  but  does  not  have  enough  nonvolatile 
storage  to  store  VLAN  configurations.  You  cannot  configure  VLANs  on  the 
switch.  When  a  VTP  client  starts  up,  it  does  not  send  VTP  advertisements 
until  it  receives  advertisements  to  initialize  its  VLAN  database. 

server  Place  the  switch  in  VTP  server  mode.  A  switch  in  VTP  server  mode  is 

enabled  for  VTP  and  sends  advertisements.  You  can  configure  VLANs  on  the 
switch.  The  switch  can  recover  all  the  VLAN  information  in  the  current  VTP 
database  from  nonvolatile  storage  after  reboot. 

transparent  Place  the  switch  in  VTP  transparent  mode.  A  switch  in  VTP  transparent 

mode  is  disabled  for  VTP,  does  not  send  advertisements  or  learn  from 
advertisements  sent  by  other  devices,  and  cannot  affect  VLAN 
configurations  on  other  devices  in  the  network.  The  switch  receives  VTP 
advertisements  and  forwards  them  on  all  trunk  ports  except  the  one  on  which 
the  advertisement  was  received. 

When  VTP  mode  is  transparent,  the  mode  and  domain  name  are  saved  in  the 
switch  running  configuration  file,  and  you  can  save  them  in  the  switch 
startup  configuration  file  by  entering  the  copy  running-config  startup 
config  privileged  EXEC  command. 

password  password        Set  the  administrative  domain  password  for  the  generation  of  the  16-byte 

secret  value  used  in  MD5  digest  calculation  to  be  sent  in  VTP  advertisements 
and  to  validate  received  VTP  advertisements.  The  password  can  be  an  ASCII 
string  from  1  to  32  characters.  The  password  is  case  sensitive. 

pruning  Enable  VTP  pruning  on  the  switch. 

version  number  Set  VTP  version  to  Version  1  or  Version  2. 
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Defaults  The  default  filename  is  flash:vlan.dat. 

The  default  mode  is  server  mode. 

No  domain  name  or  password  is  defined. 

No  password  is  configured. 

Pruning  is  disabled. 

The  default  version  is  Version  1. 


Command  Modes        Global  configuration 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        When  you  save  VTP  mode,  domain  name,  and  VLAN  configurations  in  the  switch  startup  configuration 
file  and  reboot  the  switch,  the  VTP  and  VLAN  configurations  are  selected  by  these  conditions: 

•  If  both  the  VLAN  database  and  the  configuration  file  show  the  VTP  mode  as  transparent  and  the 
VTP  domain  names  match,  the  VLAN  database  is  ignored.  The  VTP  and  VLAN  configurations  in 
the  startup  configuration  file  are  used.  The  VLAN  database  revision  number  remains  unchanged  in 
the  VLAN  database. 

•  If  the  startup  VTP  mode  is  server  mode,  or  the  startup  VTP  mode  or  domain  names  do  not  match  the 
VLAN  database,  VTP  mode  and  VLAN  configuration  for  the  first  1005  VLANs  are  selected  by 
VLAN  database  information,  and  VLANs  greater  than  1005  are  configured  from  the  switch 
configuration  file. 

The  vtp  file  filename  cannot  be  used  to  load  a  new  database;  it  renames  only  the  file  in  which  the  existing 
database  is  stored. 

Follow  these  guidelines  when  configuring  a  VTP  domain  name: 

•  The  switch  is  in  the  no-management-domain  state  until  you  configure  a  domain  name.  While  in  the 
no-management-domain  state,  the  switch  does  not  send  any  VTP  advertisements  even  if  changes 
occur  to  the  local  VLAN  configuration.  The  switch  leaves  the  no-management-domain  state  after  it 
receives  the  first  VTP  summary  packet  on  any  port  that  is  trunking  or  after  you  configure  a  domain 
name  by  using  the  vtp  domain  command.  If  the  switch  receives  its  domain  from  a  summary  packet, 
it  resets  its  configuration  revision  number  to  0.  After  the  switch  leaves  the  no-management-domain 
state,  it  can  no  be  configured  to  re-enter  it  until  you  clear  the  NVRAM  and  reload  the  software. 

•  Domain  names  are  case-sensitive. 

•  After  you  configure  a  domain  name,  it  cannot  be  removed.  You  can  only  reassign  it  to  a  different 
domain. 
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Follow  these  guidelines  when  setting  VTP  mode: 

•  The  no  vtp  mode  command  returns  the  switch  to  VTP  server  mode. 

•  The  vtp  mode  server  command  is  the  same  as  no  vtp  mode  except  that  it  does  not  return  an  error 
if  the  switch  is  not  in  client  or  transparent  mode. 

•  If  the  receiving  switch  is  in  client  mode,  the  client  switch  changes  its  configuration  to  duplicate  the 
configuration  of  the  server.  If  you  have  switches  in  client  mode,  be  sure  to  make  all  VTP  or  VLAN 
configuration  changes  on  a  switch  in  server  mode.  If  the  receiving  switch  is  in  server  mode  or 
transparent  mode,  the  switch  configuration  is  not  changed. 

•  Switches  in  transparent  mode  do  not  participate  in  VTP.  If  you  make  VTP  or  VLAN  configuration 
changes  on  a  switch  in  transparent  mode,  the  changes  are  not  propagated  to  other  switches  in  the 
network. 

•  If  you  change  the  VTP  or  VLAN  configuration  on  a  switch  that  is  in  server  mode,  that  change  is 
propagated  to  all  the  switches  in  the  same  VTP  domain. 

•  The  vtp  mode  transparent  command  disables  VTP  from  the  domain  but  does  not  remove  the 
domain  from  the  switch. 

•  The  VTP  mode  must  be  transparent  for  you  to  add  extended-range  VLANs  or  for  VTP  and  VLAN 
information  to  be  saved  in  the  running  configuration  file. 

•  If  extended-range  VLANs  are  configured  on  the  switch  and  you  attempt  to  set  the  VTP  mode  to 
server  or  client,  you  receive  an  error  message,  and  the  configuration  is  not  allowed. 

•  VTP  can  be  set  to  either  server  or  client  mode  only  when  dynamic  VLAN  creation  is  disabled. 
Follow  these  guidelines  when  setting  a  VTP  password: 

•  Passwords  are  case  sensitive.  Passwords  should  match  on  all  switches  in  the  same  domain. 

•  When  you  use  the  no  vtp  password  form  of  the  command,  the  switch  returns  to  the  no-password 
state. 

Follow  these  guidelines  when  setting  VTP  pruning: 

•  VTP  pruning  removes  information  about  each  pruning-eligible  VLAN  from  VTP  updates  if  there 
are  no  stations  belonging  to  that  VLAN. 

•  If  you  enable  pruning  on  the  VTP  server,  it  is  enabled  for  the  entire  management  domain  for  VLAN 
IDs  1  to  1005. 

•  Only  VLANs  in  the  pruning-eligible  list  can  be  pruned. 

•  Pruning  is  supported  with  VTP  Version  1  and  Version  2. 
Follow  these  guidelines  when  setting  the  VTP  version: 

•  Toggling  the  Version  2  (v2)  mode  state  modifies  parameters  of  certain  default  VLANs. 

•  Each  VTP  switch  automatically  detects  the  capabilities  of  all  the  other  VTP  devices.  To  use 
Version  2,  all  VTP  switches  in  the  network  must  support  Version  2;  otherwise,  you  must  configure 
them  to  operate  in  VTP  Version  1  mode. 

•  If  all  switches  in  a  domain  are  VTP  Version  2-capable,  you  need  only  to  configure  Version  2  on  one 
switch;  the  version  number  is  then  propagated  to  the  other  Version-2  capable  switches  in  the  VTP 
domain. 

•  If  you  are  using  VTP  in  a  Token  Ring  environment,  VTP  Version  2  must  be  enabled. 
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•  If  you  are  configuring  a  Token  Ring  bridge  relay  function  (TrBRF)  or  Token  Ring  concentrator  relay 
function  (TrCRF)  VLAN  media  type,  you  must  use  Version  2. 

•  If  you  are  configuring  a  Token  Ring  or  Token  Ring-NET  VLAN  media  type,  you  must  use  Version  1 . 
You  cannot  save  password,  pruning,  and  version  configurations  in  the  switch  configuration  file. 


Examples  This  example  shows  how  to  rename  the  filename  for  VTP  configuration  storage  to  vtpfilename: 

Switch ( config) #  vtp  file  vtpfilename 

This  example  shows  how  to  clear  the  device  storage  filename: 

Switch (config) #  no  vtp  file  vtpconfig 

Clearing  device  storage  filename. 

This  example  shows  how  to  specify  the  name  of  the  interface  providing  the  VTP  updater  ID  for  this 
device: 

Switch (config) #  vtp  interface  gigabitethernet 

This  example  shows  how  to  set  the  administrative  domain  for  the  switch: 

Switch ( config) #  vtp  domain  OurDomainName 

This  example  shows  how  to  place  the  switch  in  VTP  transparent  mode: 

Switch ( config) #  vtp  mode  transparent 

This  example  shows  how  to  configure  the  VTP  domain  password: 

Switch ( config) #  vtp  password  ThisIsOurDomain' sPassword 

This  example  shows  how  to  enable  pruning  in  the  VLAN  database: 

Switch (config) #  vtp  pruning 

Pruning  switched  ON 

This  example  shows  how  to  enable  Version  2  mode  in  the  VLAN  database: 

Switch (config) #  vtp  version  2 

You  can  verify  your  settings  by  entering  the  show  vtp  status  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  vtp  status 

Displays  the  VTP  statistics  for  the  switch  and  general  information  about  the 
VTP  management  domain  status. 

vtp  (VLAN 
configuration) 

Configures  VTP  domain-name,  password,  pruning,  version,  and  mode. 
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vtp  (VLAN  configuration) 

Use  the  vtp  VLAN  configuration  command  to  configure  VLAN  Trunking  Protocol  (VTP) 
characteristics.  You  access  VLAN  configuration  mode  by  entering  the  vlan  database  privileged  EXEC 
command.  Use  the  no  form  of  this  command  to  return  to  the  default  settings,  disable  the  characteristic, 
or  remove  the  password. 

vtp  {domain  domain-name  I  password  password  I  pruning  I  v2-mode  I  {server  I  client  I 
transparent} } 

no  vtp  {client  I  password  I  pruning  I  transparent  I  v2-mode} 


Syntax  Description 


domain  domain-name 


password  password 


Set  the  VTP  domain  name  by  entering  an  ASCII  string  from  1  to  32 
characters  that  identifies  the  VTP  administrative  domain  for  the  switch.  The 
domain  name  is  case  sensitive. 

Set  the  administrative  domain  password  for  the  generation  of  the  16-byte 
secret  value  used  in  MD5  digest  calculation  to  be  sent  in  VTP  advertisements 
and  to  validate  received  VTP  advertisements.  The  password  can  be  an  ASCII 
string  from  1  to  32  characters.  The  password  is  case  sensitive. 

pruning  Enable  pruning  in  the  VTP  administrative  domain.  VTP  pruning  causes 

information  about  each  pruning-eligible  VLAN  to  be  removed  from  VTP 
updates  if  there  are  no  stations  belonging  to  that  VLAN. 

v2-mode  Enable  VLAN  Trunking  Protocol  (VTP)  Version  2  in  the  administrative 

domains. 

client  Place  the  switch  in  VTP  client  mode.  A  switch  in  VTP  client  mode  is  enabled 

for  VTP,  can  send  advertisements,  but  does  not  have  enough  nonvolatile 
storage  to  store  VLAN  configurations.  You  cannot  configure  VLANs  on  it. 
When  a  VTP  client  starts  up,  it  does  not  send  VTP  advertisements  until  it 
receives  advertisements  to  initialize  its  VLAN  database. 

server  Place  the  switch  in  VTP  server  mode.  A  switch  in  VTP  server  mode  is 

enabled  for  VTP  and  sends  advertisements.  You  can  configure  VLANs  on  it. 
The  switch  can  recover  all  the  VLAN  information  in  the  current  VTP 
database  from  nonvolatile  storage  after  reboot. 


transparent 


Place  the  switch  in  VTP  transparent  mode.  A  switch  in  VTP  transparent 
mode  is  disabled  for  VTP,  does  not  send  advertisements  or  learn  from 
advertisements  sent  by  other  devices,  and  cannot  affect  VLAN 
configurations  on  other  devices  in  the  network.  The  switch  receives  VTP 
advertisements  and  forwards  them  on  all  trunk  ports  except  the  one  on  which 
the  advertisement  was  received. 


Defaults  The  default  mode  is  server  mode. 

No  domain  name  is  defined. 

No  password  is  configured. 

Pruning  is  disabled. 

VTP  Version  2  (v2  mode)  is  disabled. 
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Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        If  the  VTP  mode  is  transparent,  the  mode  and  domain  name  are  saved  in  the  switch  running  configuration 
file,  and  you  can  save  the  configuration  in  the  switch  startup  configuration  file  by  using  the  copy 
running-config  startup-config  privileged  EXEC  command. 

Follow  these  guidelines  when  setting  the  VTP  mode: 

•  The  no  vtp  client  and  no  vtp  transparent  forms  of  the  command  return  the  switch  to  VTP  server 
mode. 

•  The  vtp  server  command  is  the  same  as  no  vtp  client  or  no  vtp  transparent  except  that  it  does  not 
return  an  error  if  the  switch  is  not  in  client  or  transparent  mode. 

•  If  the  receiving  switch  is  in  client  mode,  the  client  switch  changes  its  configuration  to  duplicate  the 
configuration  of  the  server.  If  you  have  switches  in  client  mode,  make  sure  to  make  all  VTP  or 
VLAN  configuration  changes  on  a  switch  in  server  mode.  If  the  receiving  switch  is  in  server  mode 
or  transparent  mode,  the  switch  configuration  is  not  changed. 

•  Switches  in  transparent  mode  do  not  participate  in  VTP.  If  you  make  VTP  or  VLAN  configuration 
changes  on  a  switch  in  transparent  mode,  the  changes  are  not  propagated  to  other  switches  in  the 
network. 

•  If  you  make  a  change  to  the  VTP  or  VLAN  configuration  on  a  switch  in  server  mode,  that  change  is 
propagated  to  all  the  switches  in  the  same  VTP  domain. 

•  The  vtp  transparent  command  disables  VTP  from  the  domain  but  does  not  remove  the  domain  from 
the  switch. 

•  The  VTP  mode  must  be  transparent  for  you  to  add  extended-range  VLANs  or  for  the  VTP  and  the 
VLAN  configurations  to  be  saved  in  the  running  configuration  file. 

•  If  extended-range  VLANs  are  configured  on  the  switch  and  you  attempt  to  set  the  VTP  mode  to 
server  or  client,  you  receive  an  error  message  and  the  configuration  is  not  allowed. 

•  VTP  can  be  set  to  either  server  or  client  mode  only  when  dynamic  VLAN  creation  is  disabled. 

X   

Note      VTP  configuration  in  VLAN  configuration  mode  is  saved  in  the  VLAN  database  when  applied. 
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Follow  these  guidelines  when  configuring  a  VTP  domain  name: 

•  The  switch  is  in  the  no-management-domain  state  until  you  configure  a  domain  name.  While  in  the 
no-management-domain  state,  the  switch  does  not  send  any  VTP  advertisements  even  if  changes 
occur  to  the  local  VLAN  configuration.  The  switch  leaves  the  no-management-domain  state  after 
receiving  the  first  VTP  summary  packet  on  any  port  that  is  currently  trunking  or  after  configuring  a 
domain  name  with  the  vtp  domain  command.  If  the  switch  receives  its  domain  from  a  summary 
packet,  it  resets  its  configuration  revision  number  to  zero.  After  the  switch  leaves  the 
no-management-domain  state,  it  can  never  be  configured  to  reenter  it  until  you  clear  the  NVRAM 
and  reload  the  software. 

•  Domain  names  are  case  sensitive. 

•  After  you  configure  a  domain  name,  it  cannot  be  removed.  You  can  reassign  it  only  to  a  different 
domain. 

Follow  these  guidelines  when  configuring  a  VTP  password: 

•  Passwords  are  case  sensitive.  Passwords  should  match  on  all  switches  in  the  same  domain. 

•  When  the  no  vtp  password  form  of  the  command  is  used,  the  switch  returns  to  the  no-password 
state. 

Follow  these  guidelines  when  enabling  VTP  pruning: 

•  If  you  enable  pruning  on  the  VTP  server,  it  is  enabled  for  the  entire  management  domain. 

•  Only  VLANs  included  in  the  pruning-eligible  list  can  be  pruned. 

•  Pruning  is  supported  with  VTP  Version  1  and  Version  2. 
Follow  these  guidelines  when  enabling  VTP  Version  2  (v2-mode): 

•  Toggling  the  version  (v2-mode)  state  modifies  certain  parameters  of  certain  default  VLANs. 

•  Each  VTP  switch  automatically  detects  the  capabilities  of  all  the  other  VTP  devices.  To  use  VTP 
Version  2,  all  VTP  switches  in  the  network  must  support  Version  2;  otherwise,  you  must  configure 
them  to  operate  in  VTP  Version  1  (no  vtp  v2-mode). 

•  If  all  switches  in  a  domain  are  VTP  Version  2-capable,  you  need  only  to  enable  VTP  Version  2  on 
one  switch;  the  version  number  is  then  propagated  to  the  other  Version-2  capable  switches  in  the 
VTP  domain. 

•  If  you  are  using  VTP  in  a  Token  Ring  environment  or  configuring  a  Token  Ring  bridge  relay  function 
(TrBRF)  or  Token  Ring  concentrator  relay  function  (TrCRF)  VLAN  media  type,  VTP  Version  2 
(v2-mode)  must  be  enabled. 

•  If  you  are  configuring  a  Token  Ring  or  Token  Ring-NET  VLAN  media  type,  you  must  use  VTP 
Version  1. 
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Examples  This  example  shows  how  to  place  the  switch  in  VTP  transparent  mode: 

Switch (vlan) #  vtp  transparent 

Setting  device  to  VTP  TRANSPARENT  mode. 

This  example  shows  how  to  set  the  administrative  domain  for  the  switch: 

Switch (vlan) #  vtp  domain  OurDomainName 

Changing  VTP  domain  name  from  cisco  to  OurDomainName 

This  example  shows  how  to  configure  the  VTP  domain  password: 

Switch (vlan) #  vtp  password  private 

Setting  device  VLAN  database  password  to  private. 

This  example  shows  how  to  enable  pruning  in  the  proposed  new  VLAN  database: 

Switch (vlan) #  vtp  pruning 

Pruning  switched  ON 

This  example  shows  how  to  enable  v2  mode  in  the  proposed  new  VLAN  database: 

Switch (vlan) #  vtp  v2-mode 

V2  mode  enabled. 

You  can  verify  your  settings  by  entering  the  show  vtp  status  privileged  EXEC  command. 


Related  Commands      Command  Description 


show  vtp  status 

Displays  the  VTP  statistics  for  the  switch  and  general  information  about  the 

VTP  management  domain  status. 

switchport  trunk 

Configures  the  VLAN  pruning-eligible  list  for  ports  in  trunking  mode. 

pruning 

vtp  (global 

Configures  the  VTP  filename,  interface,  domain  name,  and  mode. 

configuration) 
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APPENDIX 


CGESM  Switch  Bootloader  Commands 


This  appendix  describes  the  bootloader  commands  on  the  switch. 

During  normal  bootloader  operation,  you  are  not  presented  with  the  bootloader  command-line  prompt. 
You  gain  access  to  the  bootloader  command  line  if  the  switch  is  set  to  manually  boot,  if  an  error  occurs 
during  power-on  self  test  (POST)  DRAM  testing,  or  if  an  error  occurs  while  loading  the  operating  system 
(a  corrupted  Cisco  IOS  image).  You  can  also  access  the  bootloader  if  you  have  lost  or  forgotten  the 
switch  password. 

X   

Note      The  default  switch  configuration  allows  an  end  user  with  physical  access  to  the  switch  to  recover  from 
a  lost  password  by  interrupting  the  boot  process  while  the  switch  is  powering  up  and  then  entering  a  new 
password.  The  password  recovery  disable  feature  allows  the  system  administrator  to  protect  access  to 
the  switch  password  by  disabling  part  of  this  functionality  and  allowing  the  user  to  interrupt  the  boot 
process  only  by  agreeing  to  set  the  system  back  to  the  default  configuration.  With  password  recovery 
disabled,  the  user  can  still  interrupt  the  boot  process  and  change  the  password,  but  the  configuration  file 
(config.text)  and  the  VLAN  database  file  (vlan.dat)  are  deleted.  For  more  information,  see  the  Gigabit 
Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Software  Configuration  GuidesofWare 
configuration  guide  for  this  release. 

You  can  access  the  bootloader  through  a  switch  console  connection  at  9600  bps. 

The  bootloader  performs  low-level  CPU  initialization,  performs  POST,  and  loads  a  default  operating 
system  image  into  memory. 
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boot 


Use  the  boot  bootloader  command  to  load  and  boot  an  executable  image  and  to  enter  the  command-line 
interface. 

boot  [-post  I  -n  I  -p  I  flag]  filesystem:/file-url ... 


Syntax  Description  -post 


(Optional)  Run  the  loaded  image  with  an  extended  or  comprehensive  power-on 
self-test  (POST).  Using  this  keyword  causes  POST  to  take  longer  to  complete. 

-n  (Optional)  Pause  for  the  Cisco  IOS  debugger  immediately  after  launching. 

-p  (Optional)  Pause  for  the  JTAG  debugger  right  after  loading  the  image. 

filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

/file-url  (Optional)  Path  (directory)  and  name  of  a  bootable  image.  Separate  image  names 

with  a  semicolon. 


Defaults 


The  switch  attempts  to  automatically  boot  the  system  by  using  information  in  the  BOOT  environment 
variable.  If  this  variable  is  not  set,  the  switch  attempts  to  load  and  execute  the  first  executable  image  it 
can  by  performing  a  recursive,  depth-first  search  throughout  the  flash  file  system.  In  a  depth-first  search 
of  a  directory,  each  encountered  subdirectory  is  completely  searched  before  continuing  the  search  in  the 
original  directory. 


Command  Modes 


Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


When  you  enter  the  boot  command  without  any  arguments,  the  switch  attempts  to  automatically  boot 
the  system  by  using  the  information  in  the  BOOT  environment  variable,  if  any.  If  you  supply  an  image 
name  for  the  file-url  variable,  the  boot  command  attempts  to  boot  the  specified  image. 

When  you  set  bootloader  boot  command  options,  they  are  executed  immediately  and  apply  only  to  the 
current  bootloader  session.  These  settings  are  not  saved  for  the  next  boot  operation. 

Filenames  and  directory  names  are  case  sensitive. 


Examples  This  example  shows  how  to  boot  the  switch  using  the  new-image. bin  image: 

switch:  boot  flash: /new- images/new- image. bin 

After  entering  this  command,  you  are  prompted  to  start  the  setup  program. 
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Related  Commands      Command  Description 


set  Sets  the  BOOT  environment  variable  to  boot  a  specific  image  when  the 

BOOT  keyword  is  appended  to  the  command. 
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cat 

Use  the  cat  bootloader  command  to  display  the  contents  of  one  or  more  files, 
cat  filesystem:lfile-url ... 


Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url  Path  (directory)  and  name  of  the  files  to  display.  Separate  each  filename  with  a  space. 


Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 

If  you  specify  a  list  of  files,  the  contents  of  each  file  appears  sequentially. 


Examples  This  example  shows  how  to  display  the  contents  of  two  files: 

switch:   cat  flash: cgesm-i612-mz . 122-25 . SE/info 
version_suf f ix:    i612-122-25 . SE 
version_directory :   cgesm-i612-mz . 122-25 . SE 
image_system_type_id:  0x00000000 
image_name :   cgesm- i612-mz.l22-25.SE.bin 
ios_image_f ile_size :  4391936 
total_image_f ile_size :  5906944 
image_f eature :   LAYER_2  MIN_DRAM_MEG=32 
image_f amily :  CGESM 
stacking_number :  1.7 
board_ids:  0x00000021 
inf o_end : 


Related  Commands      Command  Description 


more 

Displays  the  contents  of  one  or  more  files. 

type 

Displays  the  contents  of  one  or  more  files. 

Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Appendix  A    CGESM  Switch  Bootloader  Commands 


copy  ■ 


copy 


Use  the  copy  bootloader  command  to  copy  a  file  from  a  source  to  a  destination, 
copy  [-b  block-size]  filesystem:!  source-file-url  filesystem:ldestination-file-url 


Syntax  Description 


-b  block-size 

(Optional)  This  option  is  used  only  for  internal  development  and  testing. 

filesystem: 

Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

1  source-file-url 

Path  (directory)  and  filename  (source)  to  be  copied. 

1 'destination- file -url 

Path  (directory)  and  filename  of  the  destination. 

Defaults 


The  default  block  size  is  4  KB. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Filenames  and  directory  names  are  case  sensitive. 

Directory  names  are  limited  to  45  characters  between  the  slashes  (/);  the  name  cannot  contain  control 
characters,  spaces,  deletes,  slashes,  quotes,  semicolons,  or  colons. 

Filenames  are  limited  to  45  characters;  the  name  cannot  contain  control  characters,  spaces,  deletes, 
slashes,  quotes,  semicolons,  or  colons. 

If  you  are  copying  a  file  to  a  new  directory,  the  directory  must  already  exist. 


Examples 


This  example  shows  how  to  copy  a  file  at  the  root: 

switch:   copy  f lash: testl. text  flash : test4 . text 

File  " flash : testl . text "   successfully  copied  to   " flash : test4 . text " 

You  can  verify  that  the  file  was  copied  by  entering  the  Air  filesystem:  bootloader  command. 


Related  Commands  Command 


delete 


Description 


Deletes  one  or  more  files  from  the  specified  file  system. 
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delete 


Use  the  delete  bootloader  command  to  delete  one  or  more  files  from  the  specified  file  system, 
delete  file  system:! file -url ... 


Syntax  Description  filesystem: 
Ifile-url 


Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 
Path  (directory)  and  filename  to  delete.  Separate  each  filename  with  a  space. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 

The  switch  prompts  you  for  confirmation  before  deleting  each  file. 


Examples 


This  example  shows  how  to  delete  two  files: 

switch:  delete  f lash: test2 .text  f lash : test 5 . text 

Are  you  sure  you  want  to  delete   " flash : test2 . text "    (y/n) ?y 
File  " flash: test2 . text "  deleted 

Are  you  sure  you  want  to  delete  " flash : test5 . text "    (y/n) ?y 
File  " flash : test2 . text "  deleted 

You  can  verify  that  the  files  were  deleted  by  entering  the  dir  flash:  bootloader  command. 


Related  Commands  Command 


Description 


copy 


Copies  a  file  from  a  source  to  a  destination. 
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dir 

Use  the  dir  bootloader  command  to  display  a  list  of  files  and  directories  on  the  specified  file  system, 
dir  filesystem:lfile-url ... 

Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url  (Optional)  Path  (directory)  and  directory  name  whose  contents  you  want  to 

display.  Separate  each  directory  name  with  a  space. 


Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Directory  names  are  case  sensitive. 


Examples  This  example  shows  how  to  display  the  files  in  flash  memory: 

switch:  dir  flash: 

Directory  of  flash:/ 


3 

-rwx 

1839 

Mar 

01 

2002 

00 

48 

15 

conf ig . text 

11 

-rwx 

1140 

Mar 

01 

2002 

04 

18 

48 

vlan . dat 

21 

-rwx 

26 

Mar 

01 

2002 

00 

01 

39 

env_vars 

9 

drwx 

768 

Mar 

01 

2002 

23 

11 

42 

html 

16 

-rwx 

1037 

Mar 

01 

2002 

00 

01 

11 

conf ig . text 

14 

-rwx 

1099 

Mar 

01 

2002 

01 

14 

05 

homepage . htm 

22 

-rwx 

96 

Mar 

01 

2002 

00 

01 

39 

system_env_vars 

17 

drwx 

192 

Mar 

06 

2002 

23 

22 

03 

cgesm-i612-mz . 122-25 . SE 

15998976  bytes  total    (6397440  bytes  free) 

Table  A-l  describes  the  fields  in  the  display. 
Table  A-1  dir  Field  Descriptions 


Field 

Description 

2 

Index  number  of  the  file. 

-rwx 

File  permission,  which  can  be  any  or  all  of  the  following: 

•    d — directory 

•    r — readable 

•    w — writable 

•    x — executable 
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Table  A-1  dir  Field  Descriptions  (continued) 


Field 

Description 

1644045 

Size  of  the  file. 

<date> 

Last  modification  date. 

env_vars 

Filename. 

Related  Commands      Command  Description 


mkdir 

Creates  one  or  more  directories. 

rmdir 

Removes  one  or  more  directories. 
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flash  init 


Use  the  flash_init  bootloader  command  to  initialize  the  flash  file  system, 
flash  init 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  The  flash  file  system  is  automatically  initialized  during  normal  system  operation. 


Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


flash  in  it 


Usage  Guidelines        During  the  normal  boot  process,  the  flash  file  system  is  automatically  initialized. 

Use  this  command  to  manually  initialize  the  flash  file  system.  For  example,  you  use  this  command 
during  the  recovery  procedure  for  a  lost  or  forgotten  password. 
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format 


Use  the  format  bootloader  command  to  format  the  specified  file  system  and  destroy  all  data  in  that  file 
system. 

format  file  system : 


Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 

A 


Caution      Use  this  command  with  care;  it  destroys  all  data  on  the  file  system  and  renders  your  system  unusable. 
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fsck  ■ 


fsck 


Use  the  fsck  bootloader  command  to  check  the  file  system  for  consistency, 
fsck  [-test  I  -f\  file  system: 


Syntax  Description  -test 


-f 


filesystem: 


(Optional)  Initialize  the  file  system  code  and  perform  extra  POST  on  flash  memory. 
An  extensive,  nondestructive  memory  test  is  performed  on  every  byte  that  makes  up 
the  file  system. 

(Optional)  Initialize  the  file  system  code  and  perform  a  fast  file  consistency  check. 
Cyclic  redundancy  checks  (CRCs)  in  the  flashfs  sectors  are  not  checked. 

Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 


Defaults 


No  file  system  check  is  performed. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines        To  stop  an  in-progress  file  system  consistency  check,  disconnect  the  switch  power  and  then  reconnect 
the  power. 


Examples 


This  example  shows  how  to  perform  an  extensive  file  system  check  on  flash  memory: 

switch:   fsck  -test  flash: 
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■  help 

help 

Use  the  help  bootloader  command  to  display  the  available  commands, 
help 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines        You  can  also  use  the  question  mark  (?)  to  display  a  list  of  available  bootloader  commands. 
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loadjielper  I 


load  helper 


Use  the  load_helper  bootloader  command  to  load  and  initialize  one  or  more  helper  images,  which 
extend  or  patch  the  functionality  of  the  bootloader. 

loadjielper  filesystem:lfile-url ... 


Syntax  Description  filesystem: 
Ifile-url 


Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Path  (directory)  and  a  list  of  loadable  helper  files  to  dynamically  load  during 
loader  initialization.  Separate  each  image  name  with  a  semicolon. 


Defaults 


No  helper  files  are  loaded. 


Command  Modes  Bootloader 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  load_helper  command  searches  for  loadable  files  only  if  the  HELPER  environment  variable  is  set. 
Filenames  and  directory  names  are  case  sensitive. 
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memory 
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Use  the  memory  bootloader  command  to  display  memory  heap  utilization  information, 
memory 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Modes 


Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Examples 


This  example  shows  how  to  display  memory  heap  utilization  information: 


switch: 
Text : 
Rotext : 
Data: 
Bss : 
Heap : 


memory 

0x00700000 
0x00000000 
0x0071cf24 
0x0072529c 
0x00756f98 


0x0071cf24  (0x0001cf24  bytes) 

0x00000000  (0x00000000  bytes) 

0x00723a0c  (0x00006ae8  bytes) 

0x00746f94  (0x00021cf8  bytes) 

0x00800000  (0x000a9068  bytes) 


Bottom  heap  utilization  is  22  percent. 
Top  heap  utilization  is  0  percent. 
Total  heap  utilization  is  22  percent. 
Total  bytes:    0xa9068  (692328) 
Bytes  used:    0x26888  (157832) 
Bytes  available:    0x827e0  (534496) 

Alternate  heap  utilization  is  0  percent. 
Total  alternate  heap  bytes:   0x6fd000  (7327744) 
Alternate  heap  bytes  used:   0x0  (0) 

Alternate  heap  bytes  available:   0x6fd000  (7327744) 

Table  A-2  describes  the  fields  in  the  display. 
Table  A-2         memory  Field  Descriptions 


Field 

Description 

Text 

Beginning  and  ending  address  of  the  text  storage  area. 

Rotext 

Beginning  and  ending  address  of  the  read-only  text  storage  area.  This  part  of  the  data 
segment  is  grouped  with  the  Text  entry. 

Data 

Beginning  and  ending  address  of  the  data  segment  storage  area. 

Bss 

Beginning  and  ending  address  of  the  block  started  by  symbol  (Bss)  storage  area.  It 
is  initialized  to  zero. 

Heap 

Beginning  and  ending  address  of  the  area  in  memory  that  memory  is  dynamically 
allocated  to  and  freed  from. 
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mkdir  M 


mkdir 


Use  the  mkdir  bootloader  command  to  create  one  or  more  new  directories  on  the  specified  file  system, 
mkdir  filesystem:!  directory -url ... 


Syntax  Description  filesystem: 

I  directory -url 


Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 
Name  of  the  directories  to  create.  Separate  each  directory  name  with  a  space. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       Directory  names  are  case  sensitive. 


Directory  names  are  limited  to  45  characters  between  the  slashes  (/);  the  name  cannot  contain  control 
characters,  spaces,  deletes,  slashes,  quotes,  semicolons,  or  colons. 


Examples  This  example  shows  how  to  make  a  directory  called  Saved_Configs: 

switch:  mkdir  flash: Saved  Configs 

Directory  " flash : Saved_Conf igs "  created 

This  example  shows  how  to  make  two  directories: 

switch:  mkdir  flash: SavedConf igsl  flash: Test 

Directory  " flash : Saved_Conf igsl "  created 
Directory  "flash: Test"  created 

You  can  verify  that  the  directory  was  created  by  entering  the  dir  filesystem:  bootloader  command. 


Related  Commands      Command  Description 


dir 

Displays  a  list  of  files  and  directories  on  the  specified  file  system. 

rmdir 

Removes  one  or  more  directories  from  the  specified  file  system. 
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more 

Use  the  more  bootloader  command  to  display  the  contents  of  one  or  more  files, 
more  filesystem:lfile-url ... 


Syntax  Description      filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url  Path  (directory)  and  name  of  the  files  to  display.  Separate  each  filename  with 

a  space. 


Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       Filenames  and  directory  names  are  case  sensitive. 

If  you  specify  a  list  of  files,  the  contents  of  each  file  appears  sequentially. 


Examples  This  example  shows  how  to  display  the  contents  of  two  files: 

switch:  more  flash: cgesm-i612-mz . 122-25 . SE/info 
version_suf f ix:    i612-122-25 . SE 
version_directory :   cgesm-i612-mz . 122-25 . SE 
image_system_type_id:  0x00000000 
image_name :   cgesm-i612 -mz . 122 -2  5 . SE . bin 
ios_image_f ile_size :  4391936 
total_image_f ile_size :  5906944 
image_f eature :   LAYER_2  MIN_DRAM_MEG=32 
image_f amily :  CGESM 
stacking_number :  1.7 
board_ids:  0x00000021 
inf o_end : 


Related  Commands      Command  Description 


cat 

Displays  the  contents  of  one  or  more  files. 

type 

Displays  the  contents  of  one  or  more  files. 
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rename  B 


rename 


Syntax  Description 


Use  the  rename  bootloader  command  to  rename  a  file. 

rename  filesystem:/ 'source- file-url  filesy stem:! 'destination-file-url 


filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

I source-file-url  Original  path  (directory)  and  filename. 


I  destination-file-url     New  path  (directory)  and  filename. 


Command  Modes 


Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Filenames  and  directory  names  are  case  sensitive. 

Directory  names  are  limited  to  45  characters  between  the  slashes  (/);  the  name  cannot  contain  control 
characters,  spaces,  deletes,  slashes,  quotes,  semicolons,  or  colons. 

Filenames  are  limited  to  45  characters;  the  name  cannot  contain  control  characters,  spaces,  deletes, 
slashes,  quotes,  semicolons,  or  colons. 


Examples 


This  example  shows  a  file  named  config.text  being  renamed  to  configl .text: 

switch:   rename  flash: config.text  flash: configl . text 

You  can  verify  that  the  file  was  renamed  by  entering  the  dir  filesystem:  bootloader  command. 


Related  Commands  Command 


Description 


copy 


Copies  a  file  from  a  source  to  a  destination. 
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reset 


Use  the  reset  bootloader  command  to  perform  a  hard  reset  on  the  system.  A  hard  reset  is  similar  to 
power-cycling  the  switch,  clearing  the  processor,  registers,  and  memory. 

reset 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Modes  Bootloader 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Examples 


This  example  shows  how  to  reset  the  system: 

switch:  reset 

Are  you  sure  you  want  to  reset  the  system  (y/n) ?y 
System  resetting. . . 


Related  Commands  Command 

boot 


Description 

Loads  and  boots  an  executable  image  and  enters  the  command-line  interface. 
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rmdir 


Use  the  rmdir  bootloader  command  to  remove  one  or  more  empty  directories  from  the  specified  file 
system. 

rmdir  filesy istem:l ' directory -url ... 


Syntax  Description 


filesystem:  Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

I  directory -url  Path  (directory)  and  name  of  the  empty  directories  to  remove.  Separate  each 

directory  name  with  a  space. 


Command  Modes  Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


Directory  names  are  case  sensitive  and  limited  to  45  characters  between  the  slashes  (/);  the  name  cannot 
contain  control  characters,  spaces,  deletes,  slashes,  quotes,  semicolons,  or  colons. 

Before  removing  a  directory,  you  must  first  delete  all  the  files  in  the  directory. 

The  switch  prompts  you  for  confirmation  before  deleting  each  directory. 


Examples 


This  example  shows  how  to  remove  a  directory: 


switch:   rmdir  flash:Test 


You  can  verify  that  the  directory  was  deleted  by  entering  the  dir  filesystem:  bootloader  command. 


Related  Commands  Command 


Description 


dir 


Displays  a  list  of  files  and  directories  on  the  specified  file  system. 


mkdir 


Creates  one  or  more  new  directories  on  the  specified  file  system. 
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set 

Use  the  set  bootloader  command  to  set  or  display  environment  variables,  which  can  be  used  to  control 
the  bootloader  or  any  other  software  running  on  the  switch. 

set  variable  value 


Syntax  Description       variable  value      Use  one  of  these  keywords  for  variable  and  value: 

MANUAL_BOOT — Decides  whether  the  switch  automatically  or  manually  boots. 

Valid  values  are  1,  yes,  0,  and  no.  If  it  is  set  to  no  or  0,  the  bootloader  attempts  to 
automatically  boot  the  system.  If  it  is  set  to  anything  else,  you  must  manually  boot 
the  switch  from  the  bootloader  mode. 

BOOT  filesystem:/file-url — A  semicolon-separated  list  of  executable  files  to  try  to 
load  and  execute  when  automatically  booting. 

If  the  BOOT  environment  variable  is  not  set,  the  system  attempts  to  load  and  execute 
the  first  executable  image  it  can  find  by  using  a  recursive,  depth-first  search  through 
the  flash  file  system.  If  the  BOOT  variable  is  set  but  the  specified  images  cannot  be 
loaded,  the  system  attempts  to  boot  the  first  bootable  file  that  it  can  find  in  the  flash 
file  system. 

ENABLE_BREAK — Decides  whether  the  automatic  boot  process  can  be 
interrupted  by  using  the  Break  key  on  the  console. 

Valid  values  are  1,  yes,  on,  0,  no,  and  off.  If  it  is  set  to  1,  yes,  or  on,  you  can  interrupt 
the  automatic  boot  process  by  pressing  the  Break  key  on  the  console  after  the  flash 
file  system  has  initialized. 

HELPER  filesystem:lfde-url — A  semicolon-separated  list  of  loadable  files  to 
dynamically  load  during  the  bootloader  initialization.  Helper  files  extend  or  patch 
the  functionality  of  the  bootloader. 

PS1  prompt — A  string  that  is  used  as  the  command-line  prompt  in  bootloader  mode. 

CONFIG_FILE  f[ash:/file-url — The  filename  that  Cisco  IOS  uses  to  read  and  write 
a  nonvolatile  copy  of  the  system  configuration. 

BAUD  rate — The  rate  in  bits  per  second  (bps)  used  for  the  console.  The  Cisco  IOS 
software  inherits  the  baud  rate  setting  from  the  bootloader  and  continues  to  use  this 
value  unless  the  configuration  file  specifies  another  setting.  The  range  is  from  0  to 
4294967295  bps.  Valid  values  are  50,  75,  110,  150,  300,  600,  1200,  1800,  2000, 
2400, 3600, 4800, 7200,  9600,  14400,  19200,  28800,  38400,  56000,  57600,  1 15200, 
and  128000. 

The  most  commonly  used  values  are  300,  1200,  2400,  9600,  19200,  57600,  and 
115200. 

JlOOTHLPRfilesystemi/file-url — The  name  of  the  Cisco  IOS  helper  image  that  is 
first  loaded  into  memory  so  that  it  can  then  load  a  second  Cisco  IOS  image  into 
memory  and  launch  it.  This  variable  is  used  only  for  internal  development  and  testing. 

HELPER_CONFIG_FILE/i/ei^?em://(/e-Mr/— The  name  of  the  configuration  file 
to  be  used  by  the  Cisco  IOS  helper  image.  If  this  is  not  set,  the  file  specified  by  the 
CONFIG_FILE  environment  variable  is  used  by  all  versions  of  Cisco  IOS  that  are 
loaded,  including  the  helper  image.  This  variable  is  used  only  for  internal 
development  and  testing. 
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set  ■ 


Defaults 


X 

Note 


The  environment  variables  have  these  default  values: 
M ANUAL_B  OOT:  No  (0) 
BOOT:  Null  string 

ENABLE_BREAK:  No  (Off  or  0)  (the  automatic  boot  process  cannot  be  interrupted  by  pressing  the 
Break  key  on  the  console). 

HELPER:  No  default  value  (helper  files  are  not  automatically  loaded). 
PS1:  switch: 

CONFIG_FILE:  config.text 
BAUD:  9600  bps 

BOOTHLPR:  No  default  value  (no  helper  images  are  specified). 

HELPER_CONFIG_FILE:  No  default  value  (no  helper  configuration  file  is  specified). 
SWITCH_NUMBER:  1 
SWITCH_PRIORITY:  1 


Environment  variables  that  have  values  are  stored  in  the  flash  file  system  in  various  files.  The  format  of 
these  files  is  that  each  line  contains  an  environment  variable  name  and  an  equal  sign  followed  by  the 
value  of  the  variable.  A  variable  has  no  value  if  it  is  not  listed  in  this  file;  it  has  a  value  if  it  is  listed  in 
the  file  even  if  the  value  is  a  null  string.  A  variable  that  is  set  to  a  null  string  (for  example,  "  ")  is  a 
variable  with  a  value.  Many  environment  variables  are  predefined  and  have  default  values. 


Command  Modes 


Bootloader 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


Environment  variables  are  case  sensitive  and  must  be  entered  as  documented. 

Environment  variables  that  have  values  are  stored  in  flash  memory  outside  of  the  flash  file  system. 

Under  normal  circumstances,  it  is  not  necessary  to  alter  the  setting  of  the  environment  variables. 

The  MANUAL_BOOT  environment  variable  can  also  be  set  by  using  the  boot  manual  global 
configuration  command. 

The  BOOT  environment  variable  can  also  be  set  by  using  the  boot  system  filesystem:lfile-url  global 
configuration  command. 

The  ENABLE_BREAK  environment  variable  can  also  be  set  by  using  the  boot  enable-break  global 
configuration  command. 

The  HELPER  environment  variable  can  also  be  set  by  using  the  boot  helper  filesystem:lfile-url  global 
configuration  command. 

The  CONFIG_FILE  environment  variable  can  also  be  set  by  using  the  boot  config-file  flash: i file -url 
global  configuration  command. 
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The  BOOTHLPR  environment  variable  can  also  be  set  by  using  the  boot  boothlpr  filesystem:lfile-url 
global  configuration  command. 

The  HELPER_CONFIG_FILE  environment  variable  can  also  be  set  by  using  the  boot  helper-config-file 

filesystem:lfile-url  global  configuration  command. 

The  HELPER_CONFIG_FILE  environment  variable  can  also  be  set  by  using  the  boot  helper-config-file 

filesystem:lfile-url  global  configuration  command. 

The  bootloader  prompt  string  (PS1)  can  be  up  to  120  printable  characters  except  the  equal  sign  (=). 


Examples 


This  example  shows  how  to  change  the  bootloader  prompt: 


switch:   set  PS1  loader: 

loader : 


You  can  verify  your  setting  by  using  the  set  bootloader  command. 


Related  Commands 


Command 


Description 


unset 


Resets  one  or  more  environment  variables  to  its  previous  setting. 
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type 

Use  the  type  bootloader  command  to  display  the  contents  of  one  or  more  files, 
type  filesystem'.lfile-url ... 


Syntax  Description 

file  system: 

Alias  for  a  flash  file  system.  Use  flash:  for  the  system  board  flash  device. 

Ifile-url 

Path  (directory)  and  name  of  the  files  to  display.  Separate  each  filename  with 
a  space. 

Command  Modes 

Bootloader 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 

Filenames  and  directory  names  are  case  sensitive. 

If  you  specify  a  list  of  files,  the  contents  of  each  file  appears  sequentially. 

Examples 

This  example  shows  how  to  display  the  contents  of  two  files: 

switch:   type  flash: cgesm-i612-mz . 122-25 . SE/info 
version_suf f ix:    i612-122-25 . SE 
version_directory :   cgesm-i612-mz . 122-25 . SE 
image_system_type_id:  0x00000000 
image_name :   cgesm-i612 -mz . 122 -2  5 . SE . bin 
ios_image_f ile_size :  4391936 
total_image_f ile_size :  5906944 
image_f eature :   LAYER_2  MIN_DRAM_MEG=32 
image_f amily :  CGESM 
stacking_number :  1.7 
board_ids:  0x00000021 
inf o_end: 

Related  Commandsi 

Command 

Description 

cat 

Displays  the  contents  of  one  or  more  files. 

more 

Displays  the  contents  of  one  or  more  files. 
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unset 


Use  the  unset  bootloader  command  to  reset  one  or  more  environment  variables, 
unset  variable  ... 


Syntax  Description  variable 


Use  one  of  these  keywords  for  variable: 

MANUAL_BOOT — Decides  whether  the  switch  automatically  or  manually 
boots. 

BOOT — Resets  the  list  of  executable  files  to  try  to  load  and  execute  when 
automatically  booting.  If  the  BOOT  environment  variable  is  not  set,  the 
system  attempts  to  load  and  execute  the  first  executable  image  it  can  find  by 
using  a  recursive,  depth-first  search  through  the  flash  file  system.  If  the 
BOOT  variable  is  set  but  the  specified  images  cannot  be  loaded,  the  system 
attempts  to  boot  the  first  bootable  file  that  it  can  find  in  the  flash  file  system. 

ENABLE_BREAK — Decides  whether  the  automatic  boot  process  can  be 
interrupted  by  using  the  Break  key  on  the  console  after  the  flash  file  system 
has  been  initialized. 

HELPER — A  semicolon-separated  list  of  loadable  files  to  dynamically  load 
during  the  bootloader  initialization.  Helper  files  extend  or  patch  the 
functionality  of  the  bootloader. 

PS1 — A  string  that  is  used  as  the  command-line  prompt  in  bootloader  mode. 

CONFIG_FILE — Resets  the  filename  that  Cisco  IOS  uses  to  read  and  write 
a  nonvolatile  copy  of  the  system  configuration. 

BAUD — Resets  the  rate  in  bits  per  second  (bps)  used  for  the  console.  The 
Cisco  IOS  software  inherits  the  baud  rate  setting  from  the  bootloader  and 
continues  to  use  this  value  unless  the  configuration  file  specifies  another 
setting. 

BOOTHLPR — Resets  the  name  of  the  Cisco  IOS  helper  image  that  is  first 
loaded  into  memory  so  that  it  can  then  load  a  second  Cisco  IOS  image  into 
memory  and  launch  it.  This  variable  is  used  only  for  internal  development  and 
testing. 

HELPER_CONFIG_FILE— Resets  the  name  of  the  configuration  file  to  be 
used  by  the  Cisco  IOS  helper  image.  If  this  is  not  set,  the  file  specified  by  the 
CONFIG_FILE  environment  variable  is  used  by  all  versions  of  Cisco  IOS 
that  are  loaded,  including  the  helper  image.  This  variable  is  used  only  for 
internal  development  and  testing. 


Command  Modes 


Bootloader 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 
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unset M 


Usage  Guidelines        Under  normal  circumstances,  it  is  not  necessary  to  alter  the  setting  of  the  environment  variables. 

The  MANUAL_BOOT  environment  variable  can  also  be  reset  by  using  the  no  boot  manual  global 
configuration  command. 

The  BOOT  environment  variable  can  also  be  reset  by  using  the  no  boot  system  global  configuration 
command. 

The  ENABLE_BREAK  environment  variable  can  also  be  reset  by  using  the  no  boot  enable-break 
global  configuration  command. 

The  HELPER  environment  variable  can  also  be  reset  by  using  the  no  boot  helper  global  configuration 
command. 

The  CONFIG_FlLE  environment  variable  can  also  be  reset  by  using  the  no  boot  config-file  global 
configuration  command. 

The  BOOTHLPR  environment  variable  can  also  be  reset  by  using  the  no  boot  boothlpr  global 
configuration  command. 

The  HELPER_CONFIG_FILE  environment  variable  can  also  be  reset  by  using  the  no  boot 
helper-config-file  global  configuration  command. 


Examples 


This  example  shows  how  to  reset  the  prompt  string  to  its  previous  setting: 


switch:  unset  PS1 
switch : 


Related  Commands  Command 

set 


Description 

Sets  or  displays  environment  variables. 
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version 

Use  the  version  bootloader  command  to  display  the  bootloader  version, 
version 


Syntax  Description  This  command  has  no  arguments  or  keywords. 
Command  Modes  Bootloader 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Examples  This  example  shows  how  to  display  the  bootloader  version: 

switch:  version 

CGESM  Boot  Loader    ( CGESM- HBBOT-M)   Version  12.1(25)SE 

Compiled  Wed  21-Feb-02  14:58  by  devgoyal 
switch: 
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APPENDIX 


CGESM  Switch  Debug  Commands 


This  appendix  describes  the  debug  privileged  EXEC  commands  that  have  been  created  or  changed  for 
use  with  the  switch.  These  commands  are  helpful  in  diagnosing  and  resolving  internetworking  problems 
and  should  be  enabled  only  under  the  guidance  of  Cisco  technical  support  staff. 

A   

Caution      Because  debugging  output  is  assigned  high  priority  in  the  CPU  process,  it  can  render  the  system 

unusable.  For  this  reason,  use  the  debug  commands  only  to  troubleshoot  specific  problems  or  during 
troubleshooting  sessions  with  Cisco  technical  support  staff.  It  is  best  to  use  the  debug  commands  during 
periods  of  lower  network  traffic  and  fewer  users.  Debugging  during  these  periods  decreases  the 
likelihood  that  increased  debug  command  processing  overhead  will  affect  system  use. 
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debug  auto  qos 


Use  the  debug  auto  qos  privileged  EXEC  command  to  enable  debugging  of  the  automatic  quality  of 
service  (auto-QoS)  feature.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  auto  qos 

no  debug  auto  qos 


Syntax  Description      This  command  has  no  keywords  or  arguments. 


Defaults 


Auto-QoS  debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


To  display  the  QoS  configuration  that  is  automatically  generated  when  auto-QoS  is  enabled,  enable 
debugging  before  you  enable  auto-QoS.  You  enable  debugging  by  entering  the  debug  auto  qos 
privileged  EXEC  command. 

The  undebug  auto  qos  command  is  the  same  as  the  no  debug  auto  qos  command. 


Examples 


This  example  shows  how  to  display  the  QoS  configuration  that  is  automatically  generated  when 
auto-QoS  is  enabled: 

Switch#  debug  auto  qos 

AutoQoS  debugging  is  on 
Switch#  configure  terminal 

Enter  configuration  commands,   one  per  line.     End  with  CNTL/Z. 
Switch (config) #  interface  gigabitethernetO/1 
Switch (config-if) #  auto  qos  voip  cisco-phone 
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mis  qos  map 
mis  qos 
no  mis  qos  s 
no  mis  qos  s 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
mis  qos  srr 
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mis  qos  srr 


cos-dscp  0  8  16  26  32  46  48  56 


rr-queue  input  cos -map 
rr-queue  output  cos -map 
queue  input  cos-map  queue  1 
queue  input  cos-map  queue  1 
queue  input  cos-map  queue  2 
queue  input  cos -map  queue  2 
queue  input  cos-map  queue  2 
queue  output  cos -map  queue 
queue  output  cos -map  queue 
queue  output  cos -map  queue 
queue  output  cos -map  queue 
queue  output  cos -map  queue 


threshold  3 
threshold  2 
threshold  1 
threshold  2 
threshold  3 
1  threshold  3 
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threshold  3 
threshold  2 
threshold  3 
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no  mis  qos  srr-queue  input  dscp-map 
no  mis  qos  srr-queue  output  dscp-map 

mis  qos  srr-queue  input  dscp-map  queue  1  threshold  2 
mis  qos  srr-queue  input  dscp-map  queue  1 
mis  qos  srr-queue  input  dscp-map  queue  1 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  input  dscp-map  queue  2 
mis  qos  srr-queue  output  dscp-map  queue  1 
mis  qos  srr-queue  output  dscp-map  queue  2 
mis  qos  srr-queue  output  dscp-map  queue  2 
mis  qos  srr-queue  output  dscp-map  queue  2 
mis  qos  srr-queue  output  dscp-map  queue  3 
mis  qos  srr-queue  output  dscp-map  queue  3 
mis  qos  srr-queue  output  dscp-map  queue  4 
mis  qos  srr-queue  output  dscp-map  queue  4 
mis  qos  srr-queue  output  dscp-map  queue  4 
no  mis  qos  srr-queue  input  priority-queue 
no  mis  qos  srr-queue  input  priority-queue 
mis  qos  srr-queue  input  bandwidth  90  10 
no  mis  qos  srr-queue  input  buffers 
mis  qos  queue-set  output  1  buffers  10  10 
interface  GigabitEthernetO/l 

mis  qos  trust  device  cisco-phone 

mis  qos  trust  cos 

no  queue-set  1 

srr-queue  bandwidth  shape  10  0  0  0 
srr-queue  bandwidth  share  10  10  60  20 
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threshold 
threshold 
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threshold 
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threshold 
threshold 
threshold 
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Related  Commands      Command  Description 


auto  qos  voip 

Configures  auto-QoS  for  voice  over  IP  (VoIP)  within  a  QoS  domain. 

show  auto  qos 

Displays  the  initial  configuration  that  is  generated  by  the  automatic  auto-QoS 

feature 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  backup 


Use  the  debug  backup  privileged  EXEC  command  to  enable  debugging  of  the  Flex  Links  backup 
interface.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  backup  { all  I  errors  I  events  I  vlan-load-balancing } 

no  debug  backup  {all  I  errors  I  events  I  vlan-load-balancing} 


Syntax  Description  all 


errors 


events 

vlan-load- 
balancing 


Display  all  backup  interface  debug  messages. 


Display  backup  interface  error  or  exception  debug  messages. 


Display  backup  interface  event  debug  messages. 
Display  backup  interface  VLAN  load  balancing. 


Command  Default       Backup  interface  debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  backup  command  is  the  same  as  the  no  debug  backup  command. 


Related  Commands  Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  cluster 


Use  the  debug  cluster  privileged  EXEC  command  to  enable  debugging  of  cluster-specific  events.  Use 
the  no  form  of  this  command  to  disable  debugging. 

debug  cluster  {discovery  I  events  I  extended  I  hsrp  I  http  I  ip  [packet]  I  members  I  nat  I  neighbors 
I  platform  I  snmp  I  vqpxy} 

no  debug  cluster  { discovery  I  events  I  extended  I  hsrp  I  http  I  ip  [packet]  I  members  I  nat  I 
neighbors  I  platform  I  snmp  I  vqpxy } 


Syntax  Description 


discovery 

Display  cluster  discovery  debug  messages. 

events 

Display  cluster  event  debug  messages. 

extended 

Display  extended  discovery  debug  messages. 

hsrp 

Display  the  Hot  Standby  Router  Protocol  (HSRP)  debug  messages. 

http 

Display  Hypertext  Transfer  Protocol  (HTTP)  debug  messages. 

ip  [packet] 

Display  IP  or  transport  packet  debug  messages. 

members 

Display  cluster  member  debug  messages. 

nat 

Display  Network  Address  Translation  (NAT)  debug  messages. 

neighbors 

Display  cluster  neighbor  debug  messages. 

platform 

Display  platform-specific  cluster  debug  messages. 

snmp 

Display  Simple  Network  Management  Protocol  (SNMP)  debug  messages. 

vqpxy 

Display  VLAN  Query  Protocol  (VQP)  proxy  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


This  command  is  available  only  on  thecluster  command  switch. 

The  undebug  cluster  command  is  the  same  as  the  no  debug  cluster  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  cluster  Displays  the  cluster  status  and  a  summary  of  the  cluster  to  which  the 

switch  belongs. 
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Command 

Description 

show  cluster  candidates 

Displays  a  list  of  candidate  switches  when  entered  on  the  command 

switch. 

show  cluster  members 

Displays  information  about  cluster  members  when  executed  on  the 

command  switch. 

B-6 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Appendix  B     CGESM  Switch  Debug  Commands 


debug  dotlx  M 


debug  dotlx 


Use  the  debug  dotlx  privileged  EXEC  command  to  enable  debugging  of  the  IEEE  802.  lx  authentication 
feature.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  dotlx  { all  I  errors  I  events  I  feature  I  packets  I  registry  I  state-machine } 

no  debug  dotlx  { all  I  errors  I  events  I  feature  I  packets  I  registry  I  state-machine } 


Syntax  Description 

all 

Display  all  IEEE  802.  lx  authentication  debug  messages. 

errors 

Display  IEEE  802. lx  error  debug  messages. 

events 

Display  IEEE  802. lx  event  debug  messages. 

feature 

Display  IEEE  802. lx  feature  debug  messages. 

packets 

Display  IEEE  802. lx  packet  debug  messages. 

registry 

Display  IEEE  802. lx  registry  invocation  debug  messages. 

state-machine 

Display  state-machine  related-events  debug  messages. 

X 

Note 

Though  visible  in  the  command-line  help  strings,  the  redundancy  keyword  is  not  supported. 

Command  Default       Debugging  is  disabled. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 
12.2(25)SEE 


Modification 

This  command  was  introduced. 
The  feature  keyword  was  added. 


Usage  Guidelines       The  undebug  dotlx  command  is  the  same  as  the  no  debug  dotlx  command. 


Related  Commands  Command 


show  debugging 


show  dotlx 


Description 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


Displays  IEEE  802.1xstatistics,  administrative  status,  and  operational  status 
for  the  switch  or  for  the  specified  port. 
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debug  dtp 


Use  the  debug  dtp  privileged  EXEC  command  to  enable  debugging  of  the  Dynamic  Trunking  Protocol 
(DTP)  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  dtp  {aggregation  I  all  I  decision  I  events  I  oserrs  I  packets  I  queue  I  states  I  timers} 

no  debug  dtp  { aggregation  I  all  I  decision  I  events  I  oserrs  I  packets  I  queue  I  states  I  timers } 


Syntax  Description 


aggregation 

Display  DTP  user-message  aggregation  debug  messages. 

all 

Display  all  DTP  debug  messages. 

decision 

Display  the  DTP  decision-table  debug  messages. 

events 

Display  the  DTP  event  debug  messages. 

oserrs 

Display  DTP  operating  system-related  error  debug  messages. 

packets 

Display  DTP  packet-processing  debug  messages. 

queue 

Display  DTP  packet-queueing  debug  messages. 

states 

Display  DTP  state-transition  debug  messages. 

timers 

Display  DTP  timer-event  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  dtp  command  is  the  same  as  the  no  debug  dtp  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled, 

show  dtp  Displays  DTP  information  for  the  switch  or  for  a  specified  interface. 
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debug  eap 


Use  the  debug  eap  privileged  EXEC  command  to  enable  debugging  of  the  Extensible  Authentication 
Protocol  (EAP)  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  dotlx  {all  I  authenticator  I  errors  I  events  I  md5  I  packets  I  peer  I  sm) 

no  debug  dotlx  {all  I  authenticator  I  errors  I  events  I  md5  I  packets  I  peer  I  sm} 


Syntax  Description 


Usage  Guidelines 


Related  Commands 


all 

Display  all  EAP  debug  messages. 

authenticator 

Display  authenticator  debug  messages. 

errors 

Display  EAP  error  debug  messages. 

events 

Display  EAP  event  debug  messages. 

md5 

Display  EAP-MD5  debug  messages. 

packets 

Display  EAP  packet  debug  messages. 

peer 

Display  EAP  peer  debug  messages. 

sm 

Display  EAP  state-machine  related-events  debug  messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SEE 

This  command  was  introduced. 

The  undebug  dotlx  command  is  the  same  as  the  no  debug  dotlx  command. 

Command 

Description 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  eap 

Displays  EAP  registration  and  session  information  for  the  switch  or  for  the 

specified  port. 
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debug  etherchannel 


Use  the  debug  etherchannel  privileged  EXEC  command  to  enable  debugging  of  the 
EtherChannel/PAgP  shim.  This  shim  is  the  software  module  that  is  the  interface  between  the  Port 
Aggregation  Protocol  (PAgP)  software  module  and  the  port  manager  software  module.  Use  the  no  form 
of  this  command  to  disable  debugging. 

debug  etherchannel  [all  I  detail  I  error  I  event  I  idb] 

no  debug  etherchannel  [all  I  detail  I  error  I  event  I  idb] 


Syntax  Description  all 


(Optional)  Display  all  EtherChannel  debug  messages. 


detail 


(Optional)  Display  detailed  EtherChannel  debug  messages. 


error  (Optional)  Display  EtherChannel  error  debug  messages. 

event  (Optional)  Debug  major  EtherChannel  event  messages. 

idb  (Optional)  Display  PAgP  interface  descriptor  block  debug  messages. 

X   

Note      Though  visible  in  the  command-line  help  strings,  the  linecard  keyword  is  not  supported. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


If  you  do  not  specify  a  keyword,  all  debug  messages  appear. 

The  undebug  etherchannel  command  is  the  same  as  the  no  debug  etherchannel  command. 


Related  Commands  Command 


show  debugging 


show  etherchannel 


Description 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


Displays  EtherChannel  information  for  the  channel. 
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debug  interface 


Use  the  debug  interface  privileged  EXEC  command  to  enable  debugging  of  interface-related  activities. 
Use  the  no  form  of  this  command  to  disable  debugging. 

debug  interface  {interface-id  I  null  interface -number  I  port-channel  port-channel-number  I 
vlan  vlan-id} 

no  debug  interface  {interface-id  I  null  interface-number  I  port-channel  port-channel-number  I 
vlan  vlan-id} 


Syntax  Description  interface-id 


Display  debug  messages  for  the  specified  physical  port,  identified  by  type 
switch  number/module  number/  port,  for  example  gigabitethernet  0/2. 

null  interface-number     Display  debug  messages  for  null  interfaces.  The  interface -number  is  always 
0. 

port-channel  Display  debug  messages  for  the  specified  EtherChannel  port-channel 

port-channel-number      interface.  The  port-channel-number  range  is  1  to  48. 

vlan  vlan-id  Display  debug  messages  for  the  specified  VLAN.  The  vlan-id  range  is  1  to 

4094. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines 


If  you  do  not  specify  a  keyword,  all  debug  messages  appear. 

The  undebug  interface  command  is  the  same  as  the  no  debug  interface  command. 


Related  Commands  Command 


Description 


show  debugging 
show  etherchannel 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
Displays  EtherChannel  information  for  the  channel. 
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debug  ip  igmp  filter 


Use  the  debug  ip  igmp  filter  privileged  EXEC  command  to  enable  debugging  of  Internet  Group 
Management  Protocol  (IGMP)  filter  events.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  ip  igmp  filter 

no  debug  ip  igmp  filter 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  ip  igmp  filter  command  is  the  same  as  the  no  debug  ip  igmp  filter  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  ip  igmp  max-groups  I 


debug  ip  igmp  max-groups 

Use  the  debug  ip  igmp  max-groups  privileged  EXEC  command  to  enable  debugging  of  Internet  Group 
Management  Protocol  (IGMP)  maximum  groups  events.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  ip  igmp  max-groups 

no  debug  ip  igmp  max-groups 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  ip  igmp  max-groups  command  is  the  same  as  the  no  debug  ip  igmp  max-groups 

command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  ip  igmp  snooping 


Use  the  debug  igmp  snooping  privileged  EXEC  command  to  enable  debugging  of  Internet  Group 
Management  Protocol  (IGMP)  snooping  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  ip  igmp  snooping  [group  I  management  I  querier  I  router  I  timer] 

no  debug  ip  igmp  snooping  [group  I  management  I  querier  I  router  I  timer] 


Syntax  Description 


group 

(Optional)  Display  IGMP  snooping  group  activity  debug  messages. 

management 

(Optional)  Display  IGMP  snooping  management  activity  debug  messages. 

querier 

(Optional)  Display  IGMP  snooping  querier  debug  messages. 

router 

(Optional)  Display  IGMP  snooping  router  activity  debug  messages. 

timer 

(Optional)  Display  IGMP  snooping  timer  event  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  ip  igmp  snooping  command  is  the  same  as  the  no  debug  ip  igmp  snooping  command. 


Related  Commands  Command 


Description 


debug  platform  ip 
igmp  snooping 


Displays  information  about  platform-dependent  IGMP  snooping  activity. 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  lacp  M 


debug  lacp 


Use  the  debug  lacp  privileged  EXEC  command  to  enable  debugging  of  Link  Aggregation  Control 
Protocol  (LACP)  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  lacp  [all  I  event  I  fsm  I  misc  I  packet] 

no  debug  lacp  [all  I  event  I  fsm  I  misc  I  packet] 


Syntax  Description 


all 

(Optional)  Display  all  LACP  debug  messages. 

event 

(Optional)  Display  LACP  event  debug  messages. 

fsm 

(Optional)  Display  LACP  finite  state-machine  debug  messages. 

misc 

(Optional)  Display  miscellaneous  LACP  debug  messages. 

packet 

(Optional)  Display  LACP  packet  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  lacp  command  is  the  same  as  the  no  debug  lacp  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  lacp 


Displays  LACP  channel-group  information. 
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debug  mac-notification 


Use  the  debug  mac-notification  privileged  EXEC  command  to  enable  debugging  of  MAC  notification 
events.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  mac-notification 

no  debug  mac-notification 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  mac-notification  command  is  the  same  as  the  no  debug  mac-notification  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  mac 

address-table 

notification 


Displays  the  MAC  address  notification  information  for  all  interfaces  or  the 
specified  interface. 
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debug  matm  M 


debug  matm 


Use  the  debug  matm  privileged  EXEC  command  to  enable  debugging  of  platform-independent  MAC 
address  management.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  matm 

no  debug  matm 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  matm  command  is  the  same  as  the  no  debug  matm  command. 


Related  Commands  Command 


Description 


debug  platform  matm 

Displays 

information  about  platform-dependent  MAC  address  management. 

show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 
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H    debug  matm  move  update 


debug  matm  move  update 

Use  the  debug  matm  move  update  privileged  EXEC  command  to  enable  debugging  of  MAC 
address-table  move  update  message  processing. 

debug  matm  move  update 

no  debug  matm  move  update 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SED  This  command  was  introduced. 


Usage  Guidelines       The  undebug  matm  move  update  command  is  the  same  as  the  no  debug  matm  move  update  command. 


Related  Commands      Command  Description 


mac  address-table 

Configures  MAC  address-table  move  update  feature  on  the  switch. 

move  update  { receive  1 

transmit} 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  mac 

Displays  the  MAC  address-table  move  update  information  on  the  switch. 

address-table  move 

update 
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debug  monitor  B 


debug  monitor 


Use  the  debug  monitor  privileged  EXEC  command  to  enable  debugging  of  the  Switched  Port  Analyzer 
(SPAN)  feature.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  monitor  {all  I  errors  I  idb-update  I  info  I  list  I  notifications  I  platform  I  requests  I  snmp} 

no  debug  monitor  {all  I  errors  I  idb-update  I  info  I  list  I  notifications  I  platform  I  requests  I  snmp} 


Syntax  Description 


all 

Display  all  SPAN  debug  messages. 

errors 

Display  detailed  SPAN  error  debug  messages. 

idb-update 

Display  SPAN  interface  description  block  (IDB)  update-trace  debug  messages. 

info 

Display  SPAN  informational-tracing  debug  messages. 

list 

Display  SPAN  port  and  VLAN-list  tracing  debug  messages. 

notifications 

Display  SPAN  notification  debug  messages. 

platform 

Display  SPAN  platform-tracing  debug  messages. 

requests 

Display  SPAN  request  debug  messages. 

snmp 

Display  SPAN  and  Simple  Network  Management  Protocol  (SNMP)  tracing 

debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  monitor  command  is  the  same  as  the  no  debug  monitor  command. 


Related  Commands 


Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  monitor 


Displays  information  about  all  SPAN  and  remote  SPAN  (RSPAN)  sessions 
on  the  switch. 
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debug  mvrdbg 


Use  the  debug  mvrdbg  privileged  EXEC  command  to  enable  debugging  of  Multicast  VLAN 
Registration  (MVR).  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  mvrdbg  {all  I  events  I  igmpsn  I  management  I  ports} 

no  debug  mvrdbg  {all  I  events  I  igmpsn  I  management  I  ports} 


Syntax  Description 


all 

Display  all  MVR  activity  debug  messages. 

events 

Display  MVR  event-handling  debug  messages. 

igmpsn 

Display  MVR  Internet  Group  Management  Protocol  (1GMP)  snooping-activity 

debug  messages. 

management 

Display  MVR  management-activity  debug  messages. 

ports 

Display  MVR  port  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  mvrdbg  command  is  the  same  as  the  no  debug  mvrdbg  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  mvr 


Displays  the  current  MVR  configuration. 
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debug  nvram  WH 


debug  nvram 


Use  the  debug  nvram  privileged  EXEC  command  to  enable  debugging  of  NVRAM  activity.  Use  the  no 
form  of  this  command  to  disable  debugging. 

debug  nvram 

no  debug  nvram 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  nvram  command  is  the  same  as  the  no  debug  nvram  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  pagp 


Use  the  debug  pagp  privileged  EXEC  command  to  enable  debugging  of  Port  Aggregation  Protocol 
(PAgP)  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  pagp  [all  I  event  I  fsm  I  misc  I  packet] 

no  debug  pagp  [all  I  event  I  fsm  I  misc  I  packet] 


Syntax  Description 

all 

(Optional)  Display  all  PAgP  debug  messages. 

event 

(Optional)  Display  PAgP  event  debug  messages. 

fsm 

(Optional)  Display  PAgP  finite  state-machine  debug  messages. 

misc 

(Optional)  Display  miscellaneous  PAgP  debug  messages. 

packet 

(Optional)  Display  PAgP  packet  debug  messages. 

Defaults 

Debugging  is  disabled. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       The  undebug  pagp  command  is  the  same  as  the  no  debug  pagp  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  pagp 


Displays  PAgP  channel-group  information. 
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debug  platform  acl  I 


debug  platform  acl 


Use  the  debug  platform  acl  privileged  EXEC  command  to  enable  debugging  of  the  access  control  list 
(ACL)  manager.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  acl  { all  I  exit  I  label  I  main  I  vacl  I  vlmap  I  warn } 

no  debug  platform  acl  { all  I  exit  I  label  I  main  I  vacl  I  vlmap  I  warn } 


Syntax  Description 

all 

Display  all  ACL  manager  debug  messages. 

exit 

Display  ACL  exit-related  debug  messages. 

label 

Display  ACL  label-related  debug  messages. 

main 

Display  the  main  or  important  ACL  debug  messages. 

vacl 

Display  VLAN  ACL-related  debug  messages. 

vlmap 

Display  ACL  VLAN-map-related  debug  messages. 

warn 

Display  ACL  warning-related  debug  messages. 

X 

Note 

Though  visible  in  the  command-line  help  strings,  the  racl  and  stack  keywords  are  not  supported. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  acl  command  is  the  same  as  the  no  debug  platform  acl  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  backup  interface 


Use  the  debug  platform  backup  interface  privileged  EXEC  command  to  enable  debugging  of  the 
Flex  Links  platform  backup  interface.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  backup  interface 

no  debug  platform  backup  interface 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Command  Default       Platform  backup  interface  debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  backup  interface  command  is  the  same  as  the  no  platform  debug  backup 
interface  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  cpu-queues  I 


debug  platform  cpu-queues 

Use  the  debug  platform  cpu-queues  privileged  EXEC  command  to  enable  debugging  of  platform 
central  processing  unit  (CPU)  receive  queues.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  cpu-queues  {broadcast-q  I  cbt-to-spt-q  I  cpuhub-q  I  host-q  I  icmp-q  I 
igmp-snooping-q  I  layer2-protocol-q  I  logging-q  I  remote-console-q  I  software-fwd-q  I 
stp-q} 

no  debug  platform  cpu-queues  {broadcast-q  I  cbt-to-spt-q  I  cpuhub-q  I  host-q  I  icmp-q  I 
igmp-snooping-q  I  layer2-protocol-q  I  logging-q  I  remote-console-q  I  software-fwd-q  I 
stp-q} 


Syntax  Description      broadcast-q  Display  debug  messages  about  packets  received  by  the  broadcast  queue. 


cbt-to-spt-q 

Display  debug  messages  about  packets  received  by  the  core-based  tree  to 

shortest-path  tree  (cbt-to-spt)  queue. 

cpuhub-q 

Display  debug  messages  about  packets  received  by  the  CPU  heartbeat  queue. 

host-q 

Display  debug  messages  about  packets  received  by  the  host  queue. 

icmp-q 

Display  debug  messages  about  packets  received  by  the  Internet  Control  Message 

Protocol  (ICMP)  queue. 

igmp-snooping-q 

Display  debug  messages  about  packets  received  by  the  Internet  Group 

Management  Protocol  (IGMP)-snooping  queue. 

layer2-protocol-q 

Display  debug  messages  about  packets  received  by  the  Layer  2  protocol  queue. 

logging-q 

Display  debug  messages  about  packets  received  by  the  logging  queue. 

remote-console-q 

Display  debug  messages  about  packets  received  by  the  remote  console  queue. 

software-fwd-q 

Debug  packets  received  by  the  software  forwarding  queue. 

stp-q 

Debug  packets  received  by  the  Spanning  Tree  Protocol  (STP)  queue. 

X   

Note      Though  visible  in  the  command-line  help  strings,  the  routing-protocol-Q  and  rpffail-q  keywords  are 
not  supported. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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I    debug  platform  cpu-queues 


Usage  Guidelines       The  undebug  platform  cpu-queues  command  is  the  same  as  the  no  debug  platform  cpu-queues 

command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  dotlx  I 


debug  platform  dotlx 


Use  the  debug  platform  dotlx  privileged  EXEC  command  to  enable  debugging  of  IEEE  802.  lx  events. 
Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  dotlx  { initialization  I  interface-configuration  I  rpc } 

no  debug  platform  dotlx  {initialization  I  interface-configuration  I  rpc} 


Syntax  Description 


initialization 

Display  IEEE  802. lx 
messages. 

-authentication  initialization  sequence  debug 

interface-configuration 

Display  IEEE  802.  lx 

interface  configuration-related  debug  messages. 

rpc 

Display  IEEE  802. lx 
messages. 

remote  procedure  call  (RPC)  request  debug 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  dotlx  command  is  the  same  as  the  no  debug  platform  dotlx  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  etherchannel 


Use  the  debug  platform  etherchannel  privileged  EXEC  command  to  enable  debugging  of 
platform-dependent  EtherChannel  events.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  etherchannel  { init  I  link-up  I  rpc  I  warnings } 

no  debug  platform  etherchannel  {init  I  link-up  I  rpc  I  warnings} 


Syntax  Description  init 


Display  EtherChannel  module  initialization  debug  messages. 


link-up 


Display  EtherChannel  link-up  and  link-down  related  debug  messages. 


rpc  Display  EtherChannel  remote  procedure  call  (RPC)  debug  messages, 

warnings  Display  EtherChannel  warning  debug  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  etherchannel  command  is  the  same  as  the  no  debug  platform  etherchannel 

command. 


Related  Commands  Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 


B-28 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Appendix  B     CGESM  Switch  Debug  Commands 


debug  platform  forw-tcam  H 


debug  platform  forw-tcam 


Use  the  debug  platform  forw-tcam  privileged  EXEC  command  to  enable  debugging  of  the  forwarding 
ternary  content  addressable  memory  (TCAM)  manager.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  platform  forw-tcam  [adjustment  I  allocate  I  audit  I  error  I  move  I  read  I  write] 
no  debug  platform  forw-tcam  [adjustment  I  allocate  I  audit  I  error  I  move  I  read  I  write] 


Syntax  Description 


Defaults 


adjustment 

(Optional)  Display  TCAM  manager  adjustment  debug  messages. 

allocate 

(Optional)  Display  TCAM  manager  allocation  debug  messages. 

audit 

(Optional)  Display  TCAM  manager  audit  messages. 

error 

(Optional)  Display  TCAM  manager  error  messages. 

move 

(Optional)  Display  TCAM  manager  move  messages. 

read 

(Optional)  Display  TCAM  manager  read  messages. 

write 

(Optional)  Display  TCAM  manager  write  messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       If  you  do  not  specify  a  keyword,  all  forwarding  TCAM  manager  debug  messages  appear. 

The  undebug  platform  forw-tcam  command  is  the  same  as  the  no  debug  platform  forw-tcam 

command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  ip  dhcp 


Use  the  debug  platform  ip  dhcp  privileged  EXEC  command  to  debug  DHCP  events.  Use  the  no  form 
of  this  command  to  disable  debugging. 

debug  platform  ip  dhcp  [all  I  error  I  event  I  packet  I  rpc] 

no  debug  platform  ip  dhcp  [all  I  error  I  event  I  packet  I  rpc] 


Syntax  Description 


Defaults 


all 

(Optional)  Display  all  DHCP  debug  messages. 

CI  1  UI 
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event 

(Optional)  Display  DHCP  event  debug  messages. 

packet 

(Optional)  Display  DHCP  packet-related  debug  messages. 

rpc 

(Optional)  Display  DHCP  remote  procedure  call  (RPC)  request  debug 

messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       The  undebug  platform  ip  dhcp  command  is  the  same  as  the  no  debug  platform  ip  dhcp  command. 


Related  Commands      Command  Description 


show  ip  dhcp  snooping 

Displays  the  DHCP  snooping  configuration. 

show  ip  dhcp  snooping 
binding 

Displays  the  DHCP  snooping  binding  information. 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  ip  igmp  snooping 

Use  the  debug  platform  ip  igmp  snooping  privileged  EXEC  command  to  enable  debugging  of 
platform-dependent  Internet  Group  Management  Protocol  (IGMP)  snooping.  Use  the  no  form  of  this 
command  to  disable  debugging. 

debug  platform  ip  igmp  snooping  { all  I  di  I  error  I  event  I  group  I  mgmt  I  pak  I  retry  I  rpc  I  warn } 

debug  platform  ip  igmp  snooping  pak  {ip-address  I  error  I  ipopt  I  leavel  query  I  report  I  rx  I  svi 
I  tx} 

debug  platform  ip  igmp  snooping  rpc  [cfg  I  misc  I  vlan] 

no  debug  platform  ip  igmp  snooping  {all  I  di  I  error  I  event  I  group  I  mgmt  I  pak  I  retry  I  rpc  I 
warn} 

Syntax  Description      all  Display  all  IGMP  snooping  debug  messages. 


di 

Display  IGMP  snooping  destination  index  (di)  coordination  remote  procedure 

call  (RPC)  debug  messages. 

error 

Display  IGMP  snooping  error  messages. 

event 

Display  IGMP  snooping  event  debug  messages. 

group 

Display  IGMP  snooping  group  debug  messages. 

mgmt 

Display  IGMP  snooping  management  debug  messages. 

Display  IGMP  snooping  packet  event  debug  messages.  The  keywords  have 
these  meanings: 

•  ip-address — IP  address  of  the  IGMP  group. 

•  error — Display  IGMP  snooping  packet  error  debug  messages. 

•  ipopt — Display  IGMP  snooping  IP  bridging  options  debug  messages. 

•  leave — Display  IGMP  snooping  leave  debug  messages. 

•  query — Display  IGMP  snooping  query  debug  messages. 

•  report — Display  IGMP  snooping  report  debug  messages. 

•  rx — Display  IGMP  snooping  received  packet  debug  messages. 

•  svi — Display  IGMP  snooping  switched  virtual  interface  (SVI)  packet 
debug  messages. 

•  tx — Display  IGMP  snooping  sent  packet  debug  messages, 
retry                         Display  IGMP  snooping  retry  debug  messages. 

rpc  [cfg  I  misc  I  vlan]   Display  IGMP  snooping  remote  procedure  call  (RPC)  event  debug  messages. 
The  keywords  have  these  meanings: 

•  cfg — (Optional)  Display  IGMP  snooping  RPC  debug  messages. 

•  misc — (Optional)  IGMP  snooping  miscellaneous  RPC  debug  messages. 

•  vlan — (Optional)  IGMP  snooping  VLAN  assert  RPC  debug  messages, 
warn                         Display  IGMP  snooping  warning  messages. 


pak  { ip-address  I 
error  I  ipopt  I  leave  I 
query  I  report  I  rx  I 
svi  I  tx} 
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Note      Though  visible  in  the  command-line  help  strings,  the  rpc  13mm  keyword  is  not  supported. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  ip  igmp  snooping  command  is  the  same  as  the  no  debug  platform  ip  igmp 
snooping  command. 


Related  Commands  Command 

debug  ip  igmp 
snooping 


Description 

Displays  information  about  platform-independent  IGMP  snooping  activity. 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  led 


Use  the  debug  platform  led  privileged  EXEC  command  to  enable  debugging  of  light-emitting  diode 
(LED)  actions.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  led  { generic  I  signal } 

no  debug  platform  led  { generic  I  signal } 


Syntax  Description      generic         Display  LED  generic  action  debug  messages. 


signal  Display  LED  signal  bit  map  debug  messages. 


Note      Though  visible  in  the  command-line  help  strings,  the  stack  keyword  is  not  supported. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  led  command  is  the  same  as  the  no  debug  platform  led  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  matm 


Use  the  debug  platform  matm  privileged  EXEC  command  to  enable  debugging  of  platform-dependent 
MAC  address  management.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  matm  {aging  I  all  I  ec-aging  I  errors  I  learning  I  rpc  I  secure-address  I  warnings} 

no  debug  platform  matm  {aging  I  all  I  ec-aging  I  errors  I  learning  I  rpc  I  secure-address  I 
warnings } 


Syntax  Description 


Defaults 


Usage  Guidelines 


Related  Commands 


aging 

Display  MAC  address  aging  debug  messages. 

all 

Display  all  platform  MAC  address  management  event  debug  messages. 

ec-aging 

Display  EtherChannel  address  aging-related  debug  messages. 

errors 

Display  MAC  address  management  error  messages. 

learning 

Display  MAC  address  management  address-learning  debug  messages. 

rpc 

Display  MAC  address  management  remote  procedure  call  (RPC)  related  debug 

messages. 

secure-address 

Display  MAC  address  management  secure  address  learning  debug  messages. 

warning 

Display  MAC  address  management  warning  messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

The  undebug  platform  matm  command  is  the  same  as  the  no  debug  platform  matm  command. 

Command 

Description 

debug  matm 

Displays  information  about  platform-independent  MAC  address  management. 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  messaging  application  I 


debug  platform  messaging  application 


Use  the  debug  platform  messaging  application  privileged  EXEC  command  to  enable  debugging  of 
application  messaging  activity.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  messaging  application  {all  I  badpak  I  cleanup  I  events  I  memerr  I  messages  I 
usererr } 

no  debug  platform  messaging  application  {all  I  badpak  I  cleanup  I  events  I  memerr  I  messages 
I  usererr) 


Syntax  Description  all 


Display  all  application-messaging  debug  messages. 


badpak 

Display  bad-packet  debug  messages. 

cleanup 

Display  clean-up  debug  messages. 

events 

Display  event  debug  messages. 

memerr 

Display  memory-error  debug  messages. 

messages 

Display  application-messaging  debug  messages. 

usererr 

Display  user-error  debug  messages. 

Note      Though  visible  in  the  command-line  help  strings,  the  stackchg  keyword  is  not  supported. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  messaging  application  command  is  the  same  as  the  no  debug  platform 
messaging  application  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  phy 

Use  the  debug  platform  phy  privileged  EXEC  command  to  enable  debugging  of  PHY  driver 
information.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  phy  {automdix  I  cablediag  I  dual-purpose  I  fled  {configure  I  ipc  I  iter  I  trace}  I 
flowcontrol  I  forced  I  init-seq  I  link-status  I  read  I  sfp  I  show-controller  I  speed  I  write  I 
xenpak} 

no  debug  platform  phy  {automdix  I  cablediag  I  dual-purpose  I  fled  {configure  I  ipc  I  iter  I  trace} 
I  flowcontrol  I  forced  I  init-seq  I  link-status  I  read  I  sfp  I  show-controller  I  speed  I  write  I 
xenpak} 


Syntax  Description      automdix  Display  PHY  automatic  medium-dependent  interface  crossover  (auto-MDIX) 

debug  messages. 


cablediag 

Display  PHY  cable-diagnostic  debug  messages. 

dual-purpose 

Display  PHY  dual-purpose  event  debug  messages. 

fled  {configure  1  ipc  1 

Display  PHY  FLCD  debug  messages.  The  keywords  have  these  meanings: 

iter  1  trace } 

•    configure — Display  PHY  configure  debug  messages. 

•    ipc — Display  Interprocess  Communication  Protocol  (IPC)  debug 

messages. 

•    iter — Display  iter  debug  messages. 

•    trace — Display  trace  debug  messages. 

flowcontrol 

Display  PHY  flowcontrol  debug  messages. 

forced 

Display  PHY  forced-mode  debug  messages. 

init-seq 

Display  PHY  initialization-sequence  debug  messages. 

link-status 

Display  PHY  link-status  debug  messages. 

read 

Display  PHY-read  debug  messages. 

sfp 

Display  PHY  small  form-factor  pluggable  (SFP)  modules  debug  messages. 

show-controller 

Display  PHY  show-controller  debug  messages. 

speed 

Display  PHY  speed-change  debug  messages. 

write 

Display  PHY-write  debug  messages. 

xenpak 

Display  PHY  XENPAK  debug  messages 

Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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Usage  Guidelines       The  undebug  platform  phy  command  is  the  same  as  the  no  debug  platform  phy  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  pm 

Use  the  debug  platform  pm  privileged  EXEC  command  to  enable  debugging  of  the  platform-dependent 
port  manager  software  module.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  pm  {all  I  counters  I  errdisable  I  etherchnl  I  exceptions  I  hpm-events  I  idb-events 
I  if-numbers  I  ios-events  I  link-status  I  platform  I  pm-events  I  pm-span  I  pm-vectors  [detail] 
I  rpc  [general  I  oper-info  I  state  I  vectors  I  vp-events]  I  soutput-vectors  I  sync  I  vlans } 

no  debug  platform  pm  { all  I  counters  I  errdisable  I  etherchnl  I  exceptions  I  hpm-events  I 
idb-events  I  if-numbers  I  ios-events  I  link-status  I  platform  I  pm-events  I  pm-span  I 
pm-vectors  [detail]  I  rpc  [general  I  oper-info  I  state  I  vectors  I  vp-events]  I  soutput-vectors  I 
sync  I  vlans} 


Syntax  Description      all  Display  all  port-manager  debug  messages. 


counters 

Display  counters  for  remote  procedure  call  (RPC)  debug  messages. 

errdisable 

Display  error-disabled  related-events  debug  messages. 

etherchnl 

Display  EtherChannel  related-events  debug  messages. 

exceptions 

Display  system  exception  debug  messages. 

hpm-events 

Display  platform  port-manager  event  debug  messages. 

idb-events 

Display  interface  descriptor  block  (IDB)  related-events  debug  messages. 

it -numbers 

Display  interface-number  translation-event  debug  messages. 

ios-events 

Display  Cisco  IOS  event  debug  messages. 

link-status 

Display  interface  link-detection  event  debug  messages. 

platform 

Display  port-manager  function-event  debug  messages. 

pm-events 

Display  port  manager  event  debug  messages. 

pm-span 

Display  port  manager  Switched  Port  Analyzer  (SPAN)  event  debug  messages. 

pm-vectors  [detail] 

Display  port-manager  vector-related-event  debug  messages.  The  keyword  has 

this  meaning: 

•    detail — Display  vector-function  details. 

rpc  [general  1 

Display  RPC  related-event  debug  messages.  The  keywords  have  these 

oper-info  1  state  1 

meanings: 

vectors  1  vp-events] 

•    general — (Optional)  Display  RPC  general  events. 

•    oper-info — (Optional)  Display  operational-  and  informational-related 

RPC  messages. 

•    state — (Optional)  Display  administrative-  and  operational-related  RPC 

messages. 

•    vectors — (Optional)  Display  vector-related  RPC  messages. 

•    vp-events — (Optional)  Display  virtual  ports  related-events  RP  messages. 

soutput-vectors 

Display  IDB  output  vector  event  debug  messages. 

sync 

Display  operational  synchronization  and  VLAN  line-state  event  debug 

messages. 

vlans 

Display  VLAN  creation  and  deletion  event  debug  messages. 
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debug  platform  pm  I 


X   

Note      Though  visible  in  the  command-line  help  strings,  the  stack-manager  keyword  is  not  supported. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  pm  command  is  the  same  as  the  no  debug  platform  pm  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  j 


B-39 


I    debug  platform  port-asic 


Appendix  B     CGESM  Switch  Debug  Commands  | 


debug  platform  port-asic 

Use  the  debug  platform  port-asic  privileged  EXEC  command  to  enable  debugging  of  the  port 
application-specific  integrated  circuit  (ASIC)  driver.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  platform  port-asic  { interrupt  I  periodic  I  read  I  write } 
no  debug  platform  port-asic  {interrupt  I  periodic  I  read  I  write} 


Syntax  Description      interrupt  Display  port-ASIC  interrupt-related  function  debug  messages. 

periodic  Display  port-ASIC  periodic-function-call  debug  messages, 

read  Display  port-ASIC  read  debug  messages, 

write  Display  port-ASIC  write  debug  messages. 


X   

Note      Though  visible  in  the  command-line  help  strings,  the  stack  keyword  is  not  supported. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  port-asic  command  is  the  same  as  the  no  debug  platform  port-asic  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  port-security 


Use  the  debug  platform  port-security  privileged  EXEC  command  to  enable  debugging  of 
platform-dependent  port-security  information.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  port-security  { add  I  aging  I  all  I  delete  I  errors  I  rpc  I  warnings } 

no  debug  platform  port-security  { add  I  aging  I  all  I  delete  I  errors  I  rpc  I  warnings } 


Syntax  Description 


add 

Display  secure  address  addition  debug  messages. 

aging 

Display  secure  address  aging  debug  messages. 

all 

Display  all  port-security  debug  messages. 

delete 

Display  secure  address  deletion  debug  messages. 

errors 

Display  port-security  error  debug  messages. 

rpc 

Display  remote  procedure  call  (RPC)  debug  messages. 

warnings 

Display  warning  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


The  undebug  platform  port-security  command  is  the  same  as  the  no  debug  platform  port-security 

command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  qos-acl-tcam 


Use  the  debug  platform  qos-acl-tcam  privileged  EXEC  command  to  enable  debugging  of  the  quality 
of  service  (QoS)  and  access  control  list  (ACL)  ternary  content  addressable  memory  (TCAM)  manager 
software.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  qos-acl-tcam  {all  I  ctcam  I  errors  I  labels  I  mask  I  rpc  I  team} 

no  debug  platform  qos-acl-tcam  {all  I  ctcam  I  errors  I  labels  I  mask  I  rpc  I  team} 


Syntax  Description 


Defaults 


all 

Display  all  QoS  and  ACL  TCAM  (QATM)  manager  debug  messages. 

ctcam 

Display  Cisco  TCAM  (CTCAM)  related-events  debug  messages. 

errors 

Display  QATM  error-related-events  debug  messages. 

labels 

Display  QATM  label-related-events  debug  messages. 

mask 

Display  QATM  mask-related-events  debug  messages. 

rpc 

Display  QATM  remote  procedure  call  (RPC)  related-events  debug  messages. 

team 

Display  QATM  TCAM-related  events  debug  messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

The  undebug  platform  qos-acl-tcam  command  is  the  same  as  the  no  debug  platform  qos-acl-tcam 

command. 

Command 

Description 

show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  remote-commands 


Use  the  debug  platform  remote-commands  privileged  EXEC  command  to  enable  debugging  of  remote 
commands.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  remote-commands 

no  debug  platform  remote-commands 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  remote-commands  command  is  the  same  as  the  no  debug  platform 
remote-commands  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  resource-manager 


Use  the  debug  platform  resource-manager  privileged  EXEC  command  to  enable  debugging  of  the 
resource  manager  software.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  resource-manager  {all  I  dm  I  erd  I  errors  I  madmed  I  sd  I  stats  I  vld} 

no  debug  platform  resource-manager  {all  I  dm  I  erd  I  errors  I  madmed  I  sd  I  stats  I  vld} 


Syntax  Description 


Defaults 


all 

Display  all  resource  manager  debug  messages. 

dm 

Display  destination-map  debug  messages. 

erd 

Display  equal-cost-route  descriptor-table  debug  messages. 

errors 

Display  error  debug  messages. 

madmed 

Display  the  MAC  address  descriptor  table  and  multi-expansion  descriptor  table 

debug  messages. 

sd 

Display  the  station  descriptor  table  debug  messages. 

stats 

Display  statistics  debug  messages. 

vld 

Display  the  VLAN-list  descriptor  debug  messages. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       The  undebug  platform  resource-manager  command  is  the  same  as  the  no  debug  platform 
resource-manager  command. 


Related  Commands  Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  snmp  I 


debug  platform  snmp 

Use  the  debug  platform  snmp  privileged  EXEC  command  to  enable  debugging  of  the 
platform-dependent  Simple  Network  Management  Protocol  (SNMP)  software.  Use  the  no  form  of  this 
command  to  disable  debugging. 

debug  platform  snmp 

no  debug  platform  snmp 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  snmp  command  is  the  same  as  the  no  debug  platform  snmp  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  span 

Use  the  debug  platform  span  privileged  EXEC  command  to  enable  debugging  of  the 
platform-dependent  Switched  Port  Analyzer  (SPAN)  software.  Use  the  no  form  of  this  command  to 
disable  debugging. 

debug  platform  span 

no  debug  platform  span 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  span  command  is  the  same  as  the  no  debug  platform  span  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  supervisor-asic  I 


debug  platform  supervisor-asic 


Use  the  debug  platform  supervisor-asic  privileged  EXEC  command  to  enable  debugging  of  the 
supervisor  application-specific  integrated  circuit  (ASIC).  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  platform  supervisor-asic  { all  I  errors  I  receive  I  send } 
no  debug  platform  supervisor-asic  {all  I  errors  I  receive  I  send} 


Syntax  Description  all 


Display  all  supervisor-ASIC  event  debug  messages. 


errors 


Display  the  supervisor-ASIC  error  debug  messages. 


receive 
send 


Display  the  supervisor-ASIC  receive  debug  messages. 
Display  the  supervisor-ASIC  send  debug  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


The  undebug  platform  supervisor-asic  command  is  the  same  as  the  no  debug  platform 
supervisor-asic  command. 


Related  Commands 


Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  sw-bridge 


Use  the  debug  platform  sw-bridge  privileged  EXEC  command  to  enable  debugging  of  the  software 
bridging  function.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  sw-bridge  {broadcast  I  control  I  multicast  I  packet  I  unicast} 

no  debug  platform  sw-bridge  {broadcast  I  control  I  multicast  I  packet  I  unicast} 


Syntax  Description 


broadcast 

Display  broadcast-data  debug  messages. 

control 

Display  protocol-packet  debug  messages. 

multicast 

Display  multicast-data  debug  messages. 

packet 

Display  sent  and  received  data  debug  messages. 

unicast 

Display  unicast-data  debug  messages. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  undebug  platform  sw-bridge  command  is  the  same  as  the  no  debug  platform  sw-bridge 

command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  team  I 


debug  platform  team 

Use  the  debug  platform  team  privileged  EXEC  command  to  enable  debugging  of  ternary  content 
addressable  memory  (TCAM)  access  and  lookups.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  platform  team  {log  I  read  I  search  I  write} 

debug  platform  team  log  12  {acl  {input  I  output}  I  local  I  qos} 

debug  platform  team  log  13  {acl  {input  I  output}  I  qos} 

debug  platform  team  read  {reg  I  ssram  I  team} 

debug  platform  team  search 

debug  platform  team  write  {forw-ram  I  reg  I  team} 

no  debug  platform  team  {log  I  read  I  search  I  write} 

no  debug  platform  team  log  12  {acl  {input  I  output}  I  local  I  qos} 

no  debug  platform  team  log  13  {acl  {input  I  output}  I  qos} 

no  debug  platform  team  read  { reg  I  ssram  I  team } 

no  debug  platform  team  search 

no  debug  platform  team  write  {forw-ram  I  reg  I  team} 


Display  Layer  2  field-based  CAM  look-up  type  debug  messages.  The 
keywords  have  these  meanings: 

•  acl  {input  I  output} — Display  input  or  output  ACL  look-up  debug 
messages. 

•  local — Display  local  forwarding  look-up  debug  messages. 

•  qos — Display  classification  and  quality  of  service  (QoS)  look-up 
debug  messages. 

Display  Layer  3  field-based  CAM  look-up  type  debug  messages.  The 
keywords  have  these  meanings: 

•  acl  {input  I  output} — Display  input  or  output  ACL  look-up  debug 
messages. 

•  qos — Display  classification  and  quality  of  service  (QoS)  look-up 
debug  messages. 

read  {reg  I  ssram  I  team}       Display  TCAM-read  debug  messages.  The  keywords  have  these 

meanings: 

•  reg — Display  TCAM-register  read  debug  messages. 

•  ssram — Display  synchronous  static  RAM  (SSRAM)-read  debug 
messages. 

•  team — Display  TCAM-read  debug  messages. 


Syntax  Description      log  12  {acl  {input  I  output}  I 
local  I  qos} 


13  {acl  {input  I  output}  I 

qos} 
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search  Display  supervisor-initiated  TCAM-search  results  debug  messages. 

write  {forw-ram  I  reg  I  Display  TCAM-write  debug  messages.  The  keywords  have  these 

team}  meanings: 

forw-ram — Display  forwarding-RAM  write  debug  messages. 

reg — Display  TCAM-register  write  debug  messages. 

team — Display  TCAM-write  debug  messages. 

X   

Note      Though  visible  in  the  command-line  help  strings,  the  13  ipv6  {acl  {input  I  output}  I  local  I  qos  I 
secondary},  the  13  local,  and  the  13  secondary  keywords  are  not  supported. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  team  command  is  the  same  as  the  no  debug  platform  team  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  udld  I 


debug  platform  udld 


Use  the  debug  platform  udld  privileged  EXEC  command  to  enable  debugging  of  the 
platform-dependent  UniDirectional  Link  Detection  (UDLD)  software.  Use  the  no  form  of  this  command 
to  disable  debugging. 

debug  platform  udld  [all  I  error  I  rpc  { events  I  messages }  ] 

no  debug  platform  udld  [all  I  error  I  rpc  { events  I  messages }  ] 


Syntax  Description  all 


(Optional)  Display  all  UDLD  debug  messages. 


error 


(Optional)  Display  error  condition  debug  messages. 


rpc  [events  I  messages) 


(Optional)  Display  UDLD  remote  procedure  call  (RPC)  debug  messages. 
The  keywords  have  these  meanings: 

•  events — Display  UDLD  RPC  events. 

•  messages — Display  UDLD  RPC  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  udld  command  is  the  same  as  the  no  debug  platform  udld  command. 


Related  Commands  Command 

show  debugging 


Description 

Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  platform  vlan 


Use  the  debug  platform  vlan  privileged  EXEC  command  to  enable  debugging  of  the  VLAN  manager 
software.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  platform  vlan  {errors  I  mvid  I  rpc} 

no  debug  platform  vlan  {errors  I  mvid  I  rpc} 


Syntax  Description      errors  Display  VLAN  error  debug  messages. 


mvid  Display  mapped  VLAN  ID  allocations  and  free  debug  messages, 

rpc  Display  remote  procedure  call  (RPC)  debug  messages. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  platform  vlan  command  is  the  same  as  the  no  debug  platform  vlan  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 


B-52 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Appendix  B     CGESM  Switch  Debug  Commands 


debug  pm  I 


debug  pm 


Use  the  debug  pm  privileged  EXEC  command  to  enable  debugging  of  port  manager  (PM)  activity.  The 
port  manager  is  a  state  machine  that  controls  all  the  logical  and  physical  interfaces.  All  features,  such  as 
VLANs,  UniDirectional  Link  Detection  (UDLD),  and  so  forth,  work  with  the  port  manager  to  provide 
switch  functions.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  pm  {all  I  assert  I  card  I  etherchnl  I  hatable  I  messages  I  port  I  redundancy  I  registry  I  sm 
I  span  I  split  I  vlan  I  vp} 

no  debug  pm  { all  I  assert  I  card  I  etherchnl  I  hatable  I  messages  I  port  I  redundancy  I  registry  I 
sm  I  span  I  split  I  vlan  I  vp} 


Syntax  Description 


^4 

Note 


all 

Display  all  PM  debug  messages. 

assert 

Display  assert  debug  messages. 

card 

Display  line-card  related-events  debug  messages. 

etherchnl 

Display  EtherChannel  related-events  debug  messages. 

hatable 

Display  Host  Access  Table  events  debug  messages. 

messages 

Display  PM  debug  messages. 

port 

Display  port  related-events  debug  messages. 

redundancy 

Display  redundancy  debug  messages. 

registry 

Display  PM  registry  invocation  debug  messages. 

sm 

Display  state-machine  related-events  debug  messages. 

span 

Display  spanning-tree  related-events  debug  messages. 

split 

Display  split-processor  debug  messages. 

vlan 

Display  VLAN  related-events  debug  messages. 

vp 

Display  virtual  port  related-events  debug  messages. 

Though  visible 

in  the  command-line  help  strings,  the  scp  and  pvlan  keywords  are  not  supported. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 
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I    debug  pm 


Usage  Guidelines       The  undebug  pm  command  is  the  same  as  the  no  debug  pm  command. 


Related  Commands      Command  Description 

show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  port-security  B 


debug  port-security 


Use  the  debug  port-security  privileged  EXEC  command  to  enable  debugging  of  the  allocation  and 
states  of  the  port  security  subsystem.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  port-security 

no  debug  port-security 


Syntax  Description      This  command  has  no  arguments  or  keywords. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


Modification 


12.2(25)SE1 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  port-security  command  is  the  same  as  the  no  debug  port-security  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


show  port-security        Displays  port-security  settings  for  an  interface  or  for  the  switch. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


B-55 


I    debug  qos-manager 


Appendix  B     CGESM  Switch  Debug  Commands  | 


debug  qos-manager 


Use  the  debug  qos-manager  privileged  EXEC  command  to  enable  debugging  of  the  quality  of  service 
(QoS)  manager  software.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  qos-manager  {all  I  event  I  verbose} 

no  debug  qos-manager  {all  I  event  I  verbose} 


Syntax  Description      all  Display  all  QoS-manager  debug  messages. 


event  Display  QoS-manager  related-event  debug  messages, 

verbose  Display  QoS-manager  detailed  debug  messages. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 


12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  qos-manager  command  is  the  same  as  the  no  debug  qos-manager  command. 


Related  Commands      Command  Description 


show  debugging  Displays  information  about  the  types  of  debugging  that  are  enabled. 
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debug  spanning-tree  I 


debug  spanning-tree 


Use  the  debug  spanning-tree  privileged  EXEC  command  to  enable  debugging  of  spanning-tree 
activities.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  spanning-tree  {all  I  backbonefast  I  bpdu  I  bpdu-opt  I  config  I  etherchannel  I  events  I 
exceptions  I  general  I  mstp  I  pvst+  I  root  I  snmp  I  switch  I  synchronization  I  uplinkfast) 

no  debug  spanning-tree  {all  I  backbonefast  I  bpdu  I  bpdu-opt  I  config  I  etherchannel  I  events  I 
exceptions  I  general  I  mstp  I  pvst+  I  root  I  snmp  I  switch  I  synchronization  I  uplinkfast} 


Syntax  Description 


Note 


fill 

all 

T^i cnlii\/         cn;itiriin cr -tt-pp  H phi  1  cr  tn p c c a (tp c 
J^laUltiy  aii  a Urtiiiiuitd- Ll CC  UCULlld  lllCoadycs . 

backbonefast 

Display  BackboneFast-event  debug  messages. 

bpdu 

Display  spanning-tree  bridge  protocol  data  unit  (BPDU)  debug  messages. 

bpdu-opt 

Display  optimized  BPDU  handling  debug  messages. 

config 

Display  spanning-tree  configuration  change  debug  messages. 

etherchannel 

Display  EtherChannel-support  debug  messages. 

events 

Display  spanning-tree  topology  event  debug  messages. 

exceptions 

Display  spanning-tree  exception  debug  messages. 

general 

Display  general  spanning-tree  activity  debug  messages. 

mstp 

Debug  Multiple  Spanning  Tree  Protocol  events. 

pvst+ 

Display  per-VLAN  spanning-tree  plus  (PVST+)  event  debug  messages. 

root 

Display  spanning-tree  root-event  debug  messages. 

snmp 

Display  spanning-tree  Simple  Network  Management  Protocol  (SNMP) 

handling  debug  messages. 

synchronization 

Display  the  spanning-tree  synchronization  event  debug  messages. 

switch 

Display  switch  shim  command  debug  messages.  This  shim  is  the  software 

module  that  is  the  interface  between  the  generic  Spanning  Tree  Protocol  (STP) 

code  and  the  platform-specific  code  of  various  switch  platforms. 

uplinkfast 

Display  UplinkFast-event  debug  messages. 

Though  visible  in 

the  command-line  help  strings,  the  csuf/csrt  keyword  is  not  supported. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 
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H    debug  spanning-tree 


Usage  Guidelines       The  undebug  spanning-tree  command  is  the  same  as  the  no  debug  spanning-tree  command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  backbonefast  M 


debug  spanning-tree  backbonefast 


Use  the  debug  spanning-tree  backbonefast  privileged  EXEC  command  to  enable  debugging  of 
spanning-tree  BackboneFast  events.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  spanning-tree  backbonefast  [detail  I  exceptions] 

no  debug  spanning-tree  backbonefast  [detail  I  exceptions] 


Syntax  Description  detail 


(Optional)  Display  detailed  BackboneFast  debug  messages. 


exceptions 


(Optional)  Display  spanning-tree  BackboneFast-exception  debug  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  spanning-tree  backbonefast  command  is  the  same  as  the  no  debug  spanning-tree 
backbonefast  command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  bpdu 

Use  the  debug  spanning-tree  bpdu  privileged  EXEC  command  to  enable  debugging  of  sent  and 
received  spanning-tree  bridge  protocol  data  units  (BPDUs).  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  spanning-tree  bpdu  [receive  I  transmit] 
no  debug  spanning-tree  bpdu  [receive  I  transmit] 


Syntax  Description      receive  (Optional)  Display  the  nonoptimized  path  for  received  BPDU  debug  messages. 

transmit  (Optional)  Display  the  nonoptimized  path  for  sent  BPDU  debug  messages. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  spanning-tree  bpdu  command  is  the  same  as  the  no  debug  spanning-tree  bpdu 

command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  bpdu-opt  M 


debug  spanning-tree  bpdu-opt 

Use  the  debug  spanning-tree  bpdu-opt  privileged  EXEC  command  to  enable  debugging  of  optimized 
spanning-tree  bridge  protocol  data  units  (BPDUs)  handling.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  spanning-tree  bpdu-opt  [detail  I  packet] 
no  debug  spanning-tree  bpdu-opt  [detail  I  packet] 


Syntax  Description      detail  (Optional)  Display  detailed  optimized  BPDU-handling  debug  messages. 

packet  (Optional)  Display  packet-level  optimized  BPDU-handling  debug  messages. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  spanning-tree  bpdu-opt  command  is  the  same  as  the  no  debug  spanning-tree  bpdu-opt 

command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  mstp 


Use  the  debug  spanning-tree  mstp  privileged  EXEC  command  to  enable  debugging  of  the  Multiple 
Spanning  Tree  Protocol  (MSTP)  software.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  spanning-tree  mstp  {all  I  boundary  I  bpdu-rx  I  bpdu-tx  I  errors  I  flush  I  init  I  migration  I 
pm  I  proposals  I  region  I  roles  I  sanity _check  I  sync  I  tc  I  timers} 

no  debug  spanning-tree  mstp  {all  I  boundary  I  bpdu-rx  I  bpdu-tx  I  errors  I  flush  I  init  I  migration 
I  pm  I  proposals  I  region  I  roles  I  sanity _check  I  sync  I  tc  I  timers } 


Syntax  Description  all 


Enable  all  the  debugging  messages. 


boundary  Debug  flag  changes  at  these  boundaries: 

•  An  multiple  spanning-tree  (MST)  region  and  a  single  spanning-tree  region 
running  Rapid  Spanning  Tree  Protocol  (RSTP) 

•  An  MST  region  and  a  single  spanning-tree  region  running  802.  ID 

•  An  MST  region  and  another  MST  region  with  a  different  configuration 


bpdu-rx 

Debug  the  received  MST  bridge  protocol  data  units  (BPDUs). 

bpdu-tx 

Debug  the  sent  MST  BPDUs. 

errors 

Debug  MSTP  errors. 

flush 

Debug  the  port  flushing  mechanism. 

init 

Debug  the  initialization  of  the  MSTP  data  structures. 

migration 

Debug  the  protocol  migration  state  machine. 

pm 

Debug  MSTP  port  manager  events. 

proposals 

Debug  handshake  messages  between  the  designated  switch  and  the  root  switch. 

region 

Debug  the  region  synchronization  between  the  switch  processor  (SP)  and  the  route 
processor  (RP). 

roles 

Debug  MSTP  roles. 

sanity_check 

Debug  the  received  BPDU  sanity  check  messages. 

sync 

Debug  the  port  synchronization  events. 

tc 

Debug  topology  change  notification  events. 

timers 

Debug  the  MSTP  timers  for  start,  stop,  and  expire  events. 

Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


B-62 


j    Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide 


380265-003  I 


I  Appendix  B     CGESM  Switch  Debug  Commands 


debug  spanning-tree  mstp  H 


Usage  Guidelines       The  undebug  spanning-tree  mstp  command  is  the  same  as  the  no  debug  spanning-tree  mstp 

command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  switch 

Use  the  debug  spanning-tree  switch  privileged  EXEC  command  to  enable  debugging  of  the  software 
interface  between  the  Spanning  Tree  Protocol  (STP)  software  module  and  the  port  manager  software 
module.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  spanning-tree  switch  {all  I  errors  I  flush  I  general  I  helper  I  pm  I  rx  {decode  I  errors  I 
interrupt  I  process}  I  state  I  tx  [decode]  I  uplinkfast} 

no  debug  spanning-tree  switch  {all  I  errors  I  flush  I  general  I  helper  I  pm  I  rx  {decode  I  errors  I 
interrupt  I  process}  I  state  I  tx  [decode]  I  uplinkfast} 


Syntax  Description      all  Display  all  spanning-tree  switch  debug  messages. 


errors 

Display  debug  messages  for  the  interface  between  the  spanning-tree  software 

module  and  the  port  manager  software  module. 

flush 

Display  debug  messages  for  the  shim  flush  operation. 

general 

Display  general  event  debug  messages. 

helper 

Display  spanning-tree  helper-task  debug  messages.  Helper  tasks  handle  bulk 

spanning-tree  updates. 

pm 

Display  port-manager  event  debug  messages. 

rx  Display  received  bridge  protocol  data  unit  (BPDU)  handling  debug  messages.  The 


keywords  have  these  meanings: 

•  decode — Display  decoded  received  packets. 

•  errors — Display  receive  error  debug  messages. 

•  interrupt — Display  interrupt  service  request  (ISR)  debug  messages. 

•  process — Display  process  receive  BPDU  debug  messages. 


state 

Display  spanning-tree  port  state  change  debug  messages; 

tx  [decode] 

Display  sent  BPDU  handling  debug  messages.  The  keyword  has  this  meaning: 

•    decode — (Optional)  Display  decoded  sent  packets. 

uplinkfast 

Display  uplinkfast  packet  transmission  debug  messages. 

Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  spanning-tree  switch  command  is  the  same  as  the  no  debug  spanning-tree  switch 

command. 
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Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  spanning-tree  uplinkfast 


Use  the  debug  spanning-tree  uplinkfast  privileged  EXEC  command  to  enable  debugging  of 
spanning-tree  UplinkFast  events.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  spanning-tree  uplinkfast  [exceptions] 

no  debug  spanning-tree  uplinkfast  [exceptions] 


Syntax  Description      exceptions  (Optional)  Display  spanning-tree  UplinkFast-exception  debug  messages. 


Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  spanning-tree  uplinkfast  command  is  the  same  as  the  no  debug  spanning-tree 
uplinkfast  command. 


Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugging  that  are  enabled. 

show  spanning-tree 

Displays 

spanning-tree  state  information. 
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debug  sw-vlan  H 


debug  sw-vlan 


Use  the  debug  sw-vlan  privileged  EXEC  command  to  enable  debugging  of  VLAN  manager  activities. 
Use  the  no  form  of  this  command  to  disable  debugging. 

debug  sw-vlan  {badpmcookies  I  cfg-vlan  {bootup  I  cli }  I  events  I  ifs  I  management  I  mapping  I 
notification  I  packets  I  redundancy  I  registries  I  vtp} 

no  debug  sw-vlan  { badpmcookies  I  cfg-vlan  { bootup  I  cli }  I  events  I  ifs  I  management  I  mapping 
I  notification  I  packets  I  redundancy  I  registries  I  vtp } 


Syntax  Description 


Defaults 
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cookies. 

cfg-vlan  {bootup  1  cli} 

Display  config-vlan  debug  messages.  The  keywords  have  these  meanings: 

•  bootup — Display  messages  when  the  switch  is  booting  up. 

•  cli — Display  messages  when  the  command-line  interface  (CLI)  is  in 
config-vlan  mode. 

events 

Display  debug  messages  for  VLAN  manager  events. 

ifs 

See  the  debug  sw-vlan  ifs  command. 

management 

Display  debug  messages  for  VLAN  manager  management  of  internal 
VLANs. 

mapping 

T"\  "1               11  JT17TAXT 

Display  debug  messages  for  VLAN  mapping. 

notification 

See  the  debug  sw-vlan  notification  command. 

packets 

Display  debug  messages  for  packet  handling  and  encapsulation  processes. 

redundancy 

Display  debug  messages  for  VTP  VLAN  redundancy. 

registries 

Display  debug  messages  for  VLAN  manager  registries. 

vtp 

See  the  debug  sw-vlan  vtp  command. 

Debugging  is  disabled. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines       The  undebug  sw-vlan  command  is  the  same  as  the  no  debug  sw-vlan  command. 
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Related  Commands      Command  Description 


show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  vlan 

Displays  the  parameters  for  all  configured  VLANs  or  one  VLAN  (if  the 
VLAN  name  or  ID  is  specified)  in  the  administrative  domain. 

show  vtp 

Displays  general  information  about  VTP  management  domain,  status,  and 
counters. 
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debug  sw-vlan  ifs 


Use  the  debug  sw-vlan  ifs  privileged  EXEC  command  to  enable  debugging  of  the  VLAN  manager  IOS 
file  system  (IFS)  error  tests.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  sw-vlan  ifs  {open  {read  I  write}  I  read  {1  I  2  I  3  I  4}  I  write} 

no  debug  sw-vlan  ifs  { open  { read  I  write }  I  read  { 1  I  2  I  3  I  4 }  I  write } 


Syntax  Description      open  {read  I  write} 


read  {112  13  14} 


write 


Display  VLAN  manager  IFS  file-open  operation  debug  messages.  The 
keywords  have  these  meanings: 

•  read — Display  VLAN  manager  IFS  file-read  operation  debug  messages. 

•  write — Display  VLAN  manager  IFS  file-write  operation  debug  messages. 

Display  file-read  operation  debug  messages  for  the  specified  error  test  (1,  2,  3, 
or  4). 

Display  file-write  operation  debug  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines       The  undebug  sw-vlan  ifs  command  is  the  same  as  the  no  debug  sw-vlan  ifs  command. 

When  selecting  the  file  read  operation,  Operation  1  reads  the  file  header,  which  contains  the  header 
verification  word  and  the  file  version  number.  Operation  2  reads  the  main  body  of  the  file,  which 
contains  most  of  the  domain  and  VLAN  information.  Operation  3  reads  type  length  version  (TLV) 
descriptor  structures.  Operation  4  reads  TLV  data. 


Related  Commands  Command 


show  debugging 


show  vlan 


Description 


Displays  information  about  the  types  of  debugging  that  are  enabled. 


Displays  the  parameters  for  all  configured  VLANs  or  one  VLAN  (if  the 
VLAN  name  or  ID  is  specified)  in  the  administrative  domain. 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


B-69 


H    debug  sw-vlan  notification 


Appendix  B     CGESM  Switch  Debug  Commands  | 


debug  sw-vlan  notification 

Use  the  debug  sw-vlan  notification  privileged  EXEC  command  to  enable  debugging  of  the  activation 
and  deactivation  of  Inter-Link  Switch  (ISL)  VLAN  IDs.  Use  the  no  form  of  this  command  to  disable 
debugging. 

debug  sw-vlan  notification  { accfwdchange  I  allowedvlancfgchange  I  fwdchange  I  linkchange  I 
modechange  I  pruningcfgchange  I  statechange} 

no  debug  sw-vlan  notification  { accfwdchange  I  allowedvlancfgchange  I  fwdchange  I 
linkchange  I  modechange  I  pruningcfgchange  I  statechange} 


Syntax  Description      accfwdchange  Display  debug  messages  for  VLAN  manager  notification  of  aggregated 

access  interface  spanning-tree  forward  changes. 


allowedvlancfgchange 

Display  debug  messages  for  VLAN  manaj 
allowed  VLAN  configuration. 

;er  notification  of  changes  to  the 

fwdchange 

Display  debug  messages  for  VLAN  manaj 
forwarding  changes. 

ger  notification  of  spanning-tree 

linkchange 

Display  debug  messages  for  VLAN  manager  notification  of  interface 
link-state  changes. 

modechange 

Display  debug  messages  for  VLAN  manag 
changes. 

;er  notification  of  interface  mode 

pruningcfgchange 

Display  debug  messages  for  VLAN  manaj 
pruning  configuration. 

;er  notification  of  changes  to  the 

statechange 

Display  debug  messages  for  VLAN  manaj 
changes. 

|er  notification  of  interface  state 

Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  sw-vlan  notification  command  is  the  same  as  the  no  debug  sw-vlan  notification 

command. 


Related  Commands      Command  Description 


show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  vlan 

Displays  the  parameters  for  all  configured  VLANs  or  one  VLAN  (if  the 
VLAN  name  or  ID  is  specified)  in  the  administrative  domain. 
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debug  sw-vlan  vtp 


Use  the  debug  sw-vlan  vtp  privileged  EXEC  command  to  enable  debugging  of  the  VLAN  Trunking 
Protocol  (VTP)  code.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  sw-vlan  vtp  { events  I  packets  I  pruning  [packets  I  xmit]  I  redundancy  I  xmit } 

no  debug  sw-vlan  vtp  {events  I  packets  I  pruning  I  redundancy  I  xmit} 


Syntax  Description  events 


packets 


pruning  [packets  I  xmit] 


redundancy 
xmit 


Display  debug  messages  for  general-purpose  logic  flow  and  detailed  VTP 
messages  generated  by  the  VTP_LOG_RUNTIME  macro  in  the  VTP 
code. 

Display  debug  messages  for  the  contents  of  all  incoming  VTP  packets 
that  have  been  passed  into  the  VTP  code  from  the  IOS  VTP 
platform-dependent  layer,  except  for  pruning  packets. 

Display  debug  messages  generated  by  the  pruning  segment  of  the  VTP 
code.  The  keywords  have  these  meanings: 

•  packets — (Optional)  Display  debug  messages  for  the  contents  of  all 
incoming  VTP  pruning  packets  that  have  been  passed  into  the  VTP 
code  from  the  IOS  VTP  platform-dependent  layer. 

•  xmit — (Optional)  Display  debug  messages  for  the  contents  of  all 
outgoing  VTP  packets  that  the  VTP  code  requests  the  IOS  VTP 
platform-dependent  layer  to  send. 

Display  debug  messages  for  VTP  redundancy. 

Display  debug  messages  for  the  contents  of  all  outgoing  VTP  packets  that 
the  VTP  code  requests  the  IOS  VTP  platform-dependent  layer  to  send, 
except  for  pruning  packets. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


The  undebug  sw-vlan  vtp  command  is  the  same  as  the  no  debug  sw-vlan  vtp  command. 

If  no  further  parameters  are  entered  after  the  pruning  keyword,  VTP  pruning  debugging  messages 
appear.  They  are  generated  by  the  VTP_PRUNING_LOG_NOTICE,  VTP_PRUNING_LOG_INFO, 
VTP_PRUNING_LOG_DEBUG,  VTP_PRUNING_LOG_ALERT,  and 
VTP_PRUNING_LOG_WARNING  macros  in  the  VTP  pruning  code. 
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Related  Commands      Command  Description 


show  debugging 

Displays 

information  about  the  types  of  debugs 

;ing  that  are  enabled. 

show  vtp 

Displays 
counters. 

general  information  about  VTP  manaj 

jement  domain,  status,  and 
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debug  udld 

Use  the  debug  udld  privileged  EXEC  command  to  enable  debugging  of  the  UniDirectional  Link 
Detection  (UDLD)  feature.  Use  the  no  form  of  this  command  to  disable  UDLD  debugging. 

debug  udld  { events  I  packets  I  registries } 

no  debug  udld  {events  I  packets  I  registries) 

Syntax  Description      events  Display  debug  messages  for  UDLD  process  events  as  they  occur. 


packets 

Display  debug  messages  for  the  UDLD  process  as  it  receives  packets  from  the 
packet  queue  and  tries  to  send  them  at  the  request  of  the  UDLD  protocol  code. 

registries 

Display  debug  messages  for  the  UDLD  process  as  it  processes  registry  calls  from 
the  UDLD  process-dependent  module  and  other  feature  modules. 

Defaults  Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines       The  undebug  udld  command  is  the  same  as  the  no  debug  udld  command. 
For  debug  udld  events,  these  debugging  messages  appear: 

•  General  UDLD  program  logic  flow 

•  State  machine  state  changes 

•  Program  actions  for  the  set  and  clear  ErrDisable  state 

•  Neighbor  cache  additions  and  deletions 

•  Processing  of  configuration  commands 

•  Processing  of  link-up  and  link-down  indications 

For  debug  udld  packets,  these  debugging  messages  appear: 

•  General  packet  processing  program  flow  on  receipt  of  an  incoming  packet 

•  Indications  of  the  contents  of  the  various  pieces  of  packets  received  (such  as  type  length  versions 
[TLVs])  as  they  are  examined  by  the  packet  reception  code 

•  Packet  transmission  attempts  and  the  outcome 

For  debug  udld  registries,  these  categories  of  debugging  messages  appear: 

•  Sub-block  creation 

•  Fiber-port  status  changes 
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•  State  change  indications  from  the  port  manager  software 

•  MAC  address  registry  calls 


Related  Commands      Command  Description 


show  debugging 

Displays  information  about  the  types  of  debugging  that  are  enabled. 

show  udld 

Displays  UDLD  administrative  and  operational  status  for  all  ports  or  the 
specified  port. 
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debug  vqpc  I 


debug  vqpc 


Use  the  debug  vqpc  privileged  EXEC  command  to  enable  debugging  of  the  VLAN  Query  Protocol 
(VQP)  client.  Use  the  no  form  of  this  command  to  disable  debugging. 

debug  vqpc  [all  I  cli  I  events  I  learn  I  packet] 

no  debug  vqpc  [all  I  cli  I  events  I  learn  I  packet] 


Syntax  Description  all 


cli 

events 

learn 

packet 


(Optional)  Display  all  VQP  client  debug  messages. 


(Optional)  Display  the  VQP  client  command-line  interface  (CLI)  debug 
messages. 

(Optional)  Display  VQP  client  event  debug  messages. 
(Optional)  Display  VQP  client  address  learning  debug  messages. 
(Optional)  Display  VQP  client  packet  information  debug  messages. 


Defaults 


Debugging  is  disabled. 


Command  Modes        Privileged  EXEC 


Command  History  Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines       The  undebug  vqpc  command  is  the  same  as  the  no  debug  vqpc  command. 


Related  Commands  Command 


Description 


show  debugging 


Displays  information  about  the  types  of  debugging  that  are  enabled. 
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APPENDIX 


CGESM  Switch  Show  Platform  Commands 


This  appendix  describes  the  show  platform  privileged  EXEC  commands  that  have  been  created  or 
changed  for  use  with  the  switch.  These  commands  display  information  helpful  in  diagnosing  and 
resolving  internetworking  problems  and  should  be  used  only  under  the  guidance  of  Cisco  technical 
support  staff. 
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show  platform  acl 


Use  the  show  platform  acl  privileged  EXEC  command  to  display  platform-dependent  access  control  list 
(ACL)  manager  information. 

show  platform  acl  {interface  interface-id  I  label  label-number  [detail]  I  statistics  asic-number  I 
usage  asic-number  [summary]  I  vlan  vlan-id}  [  I  [begin  I  exclude  I  include}  expression] 


Syntax  Description      interface  interface-id 

label  label-number 
[detail] 

statistics  asic-number 


usage  asic-number 
[summary] 

vlan  vlan-id 


begin 


exclude 


I  include 

expression 


Display  per-interface  ACL  manager  information  for  the  specified  interface. 
The  interface  can  be  a  physical  interface  or  a  VLAN. 

Display  per-label  ACL  manager  information.  The  label-number  range  is  0  to 
255.  The  keyword  has  this  meaning: 

•  detail — (Optional)  Display  detailed  ACL  manager  label  information. 

Display  per-ASIC  ACL  manager  information.  The  asic-number  is  the  port 
ASIC  number,  either  0  or  1. 

Display  per-ASIC  ACL  usage  information.  The  keyword  has  this  meaning: 

•  summary — (Optional)  Display  usage  information  in  a  brief  format. 

Display  per- VLAN  ACL  manager  information.  The  vlan-id  range  is  from  1  to 
4094. 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 


(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 
Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes        Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  backup  interface  II 


show  platform  backup  interface 


Use  the  show  platform  backup  interface  privileged  EXEC  command  to  display  platform-dependent 
backup  information  used  in  a  Flex  Links  configuration. 

show  platform  backup  interface  [interface-id  I  dummyQ]  [  I  {begin  I  exclude  I  include} 

expression] 


Syntax  Description 

interface-id 

(Optional)  Display  backup  information  for  all  interfaces  or  the  specified 
interface.  The  interface  can  be  a  physical  interface  or  a  port  channel. 

dummyQ 

(Optional)  Display  dummy  queue  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  configuration 


Use  the  show  platform  configuration  privileged  EXEC  command  to  display  platform-dependent 
configuration-manager  related  information. 

show  platform  configuration  { config-output  I  default  I  running  I  startup}  [  I  {begin  I  exclude  I 
include)  expression] 


Syntax  Description 

config-output 

Display  the  output  of  the  last  auto-configuration  application. 

default 

Display  whether  or  not  the  system  is  running  the  default  configuration. 

running 

Display  a  snapshot  of  the  backed-up  running  configuration  on  the  local 

switch. 

startup 

Display  a  snapshot  of  the  backed-up  startup  configuration  on  the  local  switch. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  etherchannel  M 


show  platform  etherchannel 


Use  the  show  platform  etherchannel  privileged  EXEC  command  to  display  platform-dependent 
EtherChannel  information. 

show  platform  etherchannel  { flags  I  time-stamps }  [  I  { begin  I  exclude  I  include }  expression] 


Syntax  Description 

flass 

Display  EtherChannel  port  flags. 

time-stamps 

Display  EtherChannel  time  stamps. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  forward 

Use  the  show  platform  forward  privileged  EXEC  command  for  an  interface  to  specify  how  the 
hardware  would  forward  a  frame  that  matches  the  specified  parameters. 

show  platform  forward  interface-id  [vlan  vlan-id]  src-mac  dst-mac  [I3protocol-id]  [sap  I  snap] 
[cos  cos]  [ip  src-ip  dst-ip  [irag field]  [dscp  dscp]  {l4protocol-id  I  icmp  icmp-type  icmp-code  I 
igmp  igmp-version  igmp-type  I  sctp  src-port  dst-port  I  tcp  src-port  dst-port  flags  I  udp  src-port 
dst-port] }  [  I  { begin  I  exclude  I  include )  expression] 


Syntax  Description       interface-id  The  input  physical  interface,  the  port  on  which  the  packet  comes  in  to  the 

switch  (including  type  and  port  number). 


vlan  vlan-id 

^uptionaij  input  vlain  ijj.  ine  range  is  i  to  <\\)y<\. 11  not  specmeo,  anu 

the  input  interface  is  not  a  routed  port,  the  default  is  1 . 

src-mac 

48-bit  source  MAC  address. 

dst-mac 

48-bit  destination  MAC  address. 

Uprotocol-id 

(Optional)  The  Layer  3  protocol  used  in  the  packet.  The  number  is  a 

value  0  to  65535. 

saptat 

(Optional)  Service  access  point  (SAP)  encapsulation  type. 

snap 

^vjpuoiiaij  oUDiieLworK  Access  rioiocoi  ^oiNArj  encapsulation  type. 

cos  cos 

(Optional)  Class  of  service  (CoS)  value  of  the  frame.  The  range  is  0  to  7. 

ip  src-ip  dst-ip 

(Optional,  but  required  for  IP  packets)  Source  and  destination  IP 

addresses  in  dotted  decimal  notation. 

frag  field 

(Optional)  The  IP  fragment  field  for  a  fragmented  IP  packet.  The  range 

IS  U  to  COjjj. 

dscp  dscp 

(Uptionai)  JJiiierentiateu  services  code  roint  (UoCrj  iieiu  in  tne  ir 

header.  The  range  is  0  to  63. 

l4protocol-id 

The  numeric  value  of  the  Layer  4  protocol  field  in  the  IP  header.  The 

range  is  0  to  255.  For  example,  47  is  generic  routing  encapsulation 

(GRE),  and  89  is  Open  Shortest  Path  First  (OSPF).  If  the  protocol  is  TCP, 

User  Datagram  Protocol  (UDP),  Internet  Control  Message  Protocol 

(ICMP),  or  Internet  Group  Management  Protocol  (IGMP),  you  should 

use  the  appropriate  keyword  instead  of  a  numeric  value. 

icmp  icmp-type 

ICMP  parameters.  The  icmp-type  and  icmp-code  ranges  are  0  to  255. 

icmp-code 

igmp  igmp-version 

IGMP  parameters.  The  igmp-version  range  is  1  to  15;  the  igmp-type 

igmp-type 

range  is  0  to  15. 

sctp  src-port  dst-port 

Stream  Control  Transmission  Protocol  (SCTP)  parameters.  The  ranges 

for  the  SCTP  source  and  destination  ports  are  0  to  65535. 

tcp  src-port  dst-port 

TCP  parameters:  TCP  source  port,  destination  port,  and  the  numeric 

flags 

value  of  the  TCP  flags  byte  in  the  header.  The  src-port  and  dst-port 

ranges  are  0  to  65535.  The  flag  range  is  0  to  1024. 

udp  src-port  dst-port 

UDP  parameters.  The  src-port  and  dst-port  ranges  are  0  to  65535. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 
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show  platform  forward  SM 


1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


Usage  Guidelines  You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 


Examples  For  examples  of  the  show  platform  forward  command  output  displays  and  what  they  mean,  see  the 

"Troubleshooting"  chapter  of  the  software  configuration  guide  for  this  release. 
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show  platform  ip  igmp  snooping 

Use  the  show  platform  ip  igmp  snooping  privileged  EXEC  command  to  display  platform-dependent 
Internet  Group  Management  Protocol  (IGMP)  snooping  information. 

show  platform  ip  igmp  snooping  {all  I  control  [di]  I  counters  I  flood  [vlan  vlan-id]  I  group 
ip-address  I  hardware  I  retry  [count  I  local  [count]  I  remote  [count]]}  [  I  [begin  I  exclude  I 
include]  expression] 


Syntax  Description      all  Display  all  IGMP  snooping  platform  IP  multicast  information. 


control  [di] 

Display  IGMP  snooping  control  entries.  The  keyword  has  this  meaning: 

•    di — (Optional)  Display  IGMP  snooping  control  destination  index 

entries. 

counters 

Display  IGMP  snooping  counters. 

flood  [vlan  vlan-id] 

Display  IGMP  snooping  flood  information.  The  keyword  has  this  meaning: 

•    vlan  vlan-id — (Optional)  Display  flood  information  for  the  specified 

VLAN.  The  range  is  1  to  4094. 

group  ip-address 

Display  the  IGMP  snooping  multicast  group  information,  where  ip-address  is 

the  IP  address  of  the  group. 

hardware 

Display  IGMP  snooping  information  loaded  into  hardware. 

retry  [count  1  local 

Display  IGMP  snooping  retry  information.  The  keywords  have  these 

[count] 

meanings: 

•    count — (Optional)  Display  only  the  retry  count. 

•    local — (Optional)  Display  local  retry  entries. 

remote  [count] 

Display  remote  entries.  The  keyword  has  this  meaning: 

•    count — (Optional)  Display  only  the  remote  count. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 
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show  platform  ip  igmp  snooping  Si 


Usage  Guidelines  You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  layer4op 


Use  the  show  platform  layer4op  privileged  EXEC  command  to  display  platform-dependent  Layer  4 
operator  information. 

show  platform  layer4op  {acl  I  pad  [port-asic]  I  qos  [port-asic]}  {and-or  I  map  I  or-and  I  vcu}  [ 
I  {hegin  I  exclude  I  include}  expression] 


Syntax  Description 


acl 

Display  access  control  list  (ACL)  Layer  4  operators  information. 

pacl  [port-asic] 

Display  port  ACL  Layer  4  operators  information.  The  keyword  has  this  meaning: 

•   port-asic — (Optional)  Port  ASIC  number. 

qos  [port-asic] 

Display  quality  of  service  (QoS)  Layer  4  operators  information.  The  keyword  has 

this  meaning: 

•   port-asic — (Optional)  QoS  port  ASIC  number. 

and-or 

Display  AND-OR  registers  information. 

map 

Display  select  map  information. 

or-and 

Display  OR-AND  registers  information. 

vcu 

Display  value  compare  unit  (VCU)  register  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Privileged  EXEC 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  mac-address-table 


Use  the  show  platform  mac-address-table  privileged  EXEC  command  to  display  platform-dependent 
MAC  address  table  information. 

show  platform  mac-address-table  [aging-array  I  hash-table  I  mac-address  mac-address]  [vlan 

vlan-id]]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

aging-array 

(Optional)  Display  the  MAC  address  table  aging  array. 

hash-table 

(Optional)  Display  the  MAC  address  table  hash  table. 

mac-address  mac- 

■address     (Optional)  Display  the  MAC  address  table  MAC  address  information, 

where  mac-address  is  the  48-bit  hardware  address. 

vlan  vlan-id 

(Optional)  Display  information  for  the  specified  VLAN.  The  range  is  1 

to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  messaging 


Use  the  show  platform  messaging  privileged  EXEC  command  to  display  platform-dependent 
application  and  performance  message  information. 

show  platform  messaging  { application  [incoming  I  outgoing  I  summary]  I  hiperf 

[class-number]}  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


application  [incoming  I 
outgoing  I  summary] 


hiperf  [class-number] 


begin 


I  exclude 


I  include 

expression 


Display  application  message  information.  The  keywords  have  these 
meanings: 

•  incoming — (Optional)  Display  only  information  about  incoming 
application  messaging  requests. 

•  outgoing — (Optional)  Display  only  information  about  incoming 
application  messaging  requests. 

•  summary — (Optional)  Display  summary  information  about  all 
application  messaging  requests. 

Display  outgoing  high-performance  message  information.  Specify  the 
class-number  option  to  display  information  about  high-performance 
messages  for  this  class  number.  The  range  is  0  to  36. 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 


(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 
Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  monitor 


Use  the  show  platform  monitor  privileged  EXEC  command  to  display  platform-dependent  Switched 
Port  Analyzer  (SPAN)  information. 

show  platform  monitor  [session  session-number]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

session 

(Optional)  Display  SPAN  information  for  the  specified  SPAN  session.  The 

session-number 

range  is  1  to  66. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  mvr  table 


Use  the  show  platform  mvr  table  privileged  EXEC  command  to  display  the  platform-dependent 
Multicast  VLAN  Registration  (MVR)  multi-expansion  descriptor  (MED)  group  mapping  table. 

show  platform  mvr  table  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  a  technical  support  representative 
while  troubleshooting  a  problem.  Do  not  use  this  command  unless  a  technical  support  representative  asks 
you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  pm  M 


show  platform  pm 


Use  the  show  platform  pm  privileged  EXEC  command  to  display  platform-dependent  port-manager 
information. 

show  platform  pm  {counters  I  group-masks  I  idbs  { active-idbs  I  deleted-idbs }  I  if-numbers  I 
link-status  I  platform-block  I  port-info  interface-id  I  vlan  {info  I  line-state} 
[  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

counters 

Display  module  counters  information. 

group-masks 

Display  EtherChannel  group  masks  information. 

idbs  {active-idbs  1 
deleted-idbs} 

Display  interface  data  block  (1DB)  information.  The  keywords  have  these 
meanings: 

•  active-idbs — Display  active  IDB  information. 

•  deleted-idbs — Display  deleted  and  leaked  IDB  information. 

if-numbers 

Display  interface  numbers  information. 

link-status 

Display  local  port  link  status  information. 

platform-block 

Display  platform  port  block  information. 

port-info  interface-id 

Display  port  administrative  and  operation  fields  for  the  specified  interface. 

vlan  { info  1  line-state } 

Display  platform  VLAN  information.  The  keywords  have  these  meanings: 

•  info — Display  information  for  active  VLANs. 

•  line-state — Display  line-state  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

X 

Note 

Though  visible  in  the  command-line  help  strings,  the  stack-view  keyword  is  not  supported. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  port-asic 

Use  the  show  platform  port-asic  privileged  EXEC  command  to  display  platform-dependent  port  ASIC 
register  information. 

show  platform  port-asic  {cpu-queue-map-table  [asic  number  I  port  number  [asic  number]]  I 
dest-map  index  number  I 

etherchannel-info  [asic  number  I  port  number  [asic  number]]  I 
exception  [asic  number  I  port  number  [asic  number]]  I 
global-status  [asic  number  I  port  number  [asic  number]]  I 
learning  [asic  number  I  port  number  [asic  number]]  I 
mac-info  [asic  number  I  port  number  [asic  number]]  I 
mvid  [asic  number]  I 

packet-info-ram  [asic  number  I  index  number  [asic  number]]  I 
port-info  [asic  number  I  port  number  [asic  number]]  I 
prog-parser  [asic  number  I  port  number  [asic  number]]  I 

receive  {buffer-queue  I  port-fifo  I  supervisor-sram}  [asic  number  I  port  number  [asic 
number]]  I 

span  [vlan-id  [asic  number]  I  [asic  number] 

stats  {drop  I  enqueue  I  miscellaneous  I  supervisor}  [asic  number  I  port  number  [asic 
number]]  I 

transmit  {port-fifo  I  queue  I  supervisor-sram}  [asic  number  I  port  number  [asic  number]] 
vet  [asic  number  I  port  number  [asic  number]] 
version } 

[  I  {begin  I  exclude  I  include}  expression] 


Display  the  CPU  queue-map  table  entries.  The  keywords  have 
these  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27. 

dest-map  index  number  Display  destination-map  information  for  the  specified  index.  The 

range  is  0  to  65535. 

etherchannel-info  [asic  number  I  Display  the  contents  of  the  EtherChannel  information  register.  The 
port  number  [asic  number]]  keywords  have  these  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 


Syntax  Description  cpu-queue-map-table 

[asic  number  I  port  number 
[asic  number]] 
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show  platform  port-asic  % 


exception  [asic  number  I  port  Display  the  exception-index  register  information.  The  keywords 
number  [asic  number]]  have  these  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

global-status  [asic  number  I  Display  global  and  interrupt  status.  The  keywords  have  these 

port  number  [asic  number]]  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

learning  [asic  number  I  port  Display  entries  in  the  learning  cache.  The  keywords  have  these 

number  [asic  number]]  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

mac-info  [asic  number  I  Display  the  contents  of  the  MAC  information  register.  The 

port  number  [asic  number]]  keywords  have  these  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

mvid  [asic  number]  Display  the  mapped  VLAN  ID  table.  The  keyword  has  this 

meaning: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

packet-info-ram  [asic  number  I      Display  the  packet  information  RAM.  The  keywords  have  these 
index  number  [asic  number]]  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  index  number — (Optional)  Display  information  for  the 
specified  packet  RAM  index  number  and  ASIC  number.  The 
range  is  0  to  63. 
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port-info  [asic  number  I  port  Display  port  information  register  values.  The  keywords  have  these 
number  [asic  number]]  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

prog-parser  [asic  number  I  port  Display  the  programmable  parser  tables.  The  keywords  have  these 
number  [asic  number]]  meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

Display  receive  information.  The  keywords  have  these  meanings: 

•  buffer-queue — Display  the  buffer  queue  information. 

•  port-fifo — Display  the  port-FIFO  information. 

•  supervisor-sram — Display  the  supervisor  static  RAM 
(SRAM)  information. 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 

span  [vlan-id  I  asic  number]  Display  the  Switched  Port  Analyzer  (SPAN)-related  information. 

The  keywords  have  these  meanings: 

•  vlan-id — (Optional)  Display  information  for  the  specified 
VLAN.  The  range  is  0  to  1023. 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

Display  raw  statistics  for  the  port  ASIC.  The  keywords  have  these 
meanings: 

•  drop — Display  drop  statistics. 

•  enqueue — Display  enqueue  statistics. 

•  miscellaneous — Display  miscellaneous  statistics. 

•  supervisor — Display  supervisor  statistics. 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 


receive  {buffer-queue  I  port-fifo  I 
supervisor-sram}  [asic  number  I 
port  number  [asic  number]] 


stats  {drop  I  enqueue  I 
miscellaneous  I  supervisor}  [asic 
number  I  port  number  [asic 
number]] 
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show  platform  port-asic  % 


Display  transmit  information.  The  keywords  have  these  meanings: 

•  port-fifo — Display  the  contents  of  the  port-FIFO  information 
register. 

•  queue — Display  the  contents  of  the  queue  information 
register. 

•  supervisor-sram — Display  supervisor  SRAM  information. 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 

•  port  number — (Optional)  Display  information  for  the 
specified  port  and  ASIC  number.  The  range  is  0  to  27,  where  0 
is  the  supervisor  and  1  to  25  are  the  ports. 

vet  [asic  number  I  port  number      Display  the  VLAN  compression  table  entries  for  the  specified 
[asic  number]]  ASIC  or  for  the  specified  port  and  ASIC.  The  keywords  have  these 

meanings: 

•  asic  number — (Optional)  Display  information  for  the 
specified  ASIC.  The  range  is  0  to  1. 


•    port  number — (Optional)  Display  information  for  the 

specified  port  and  ASIC  number.  The  range  is  0  to  27,  where 
0  is  the  supervisor  and  1  to  25  are  the  ports. 


version 

Display  version  and  device  type  information  for  port  ASICs. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the 

expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified 

expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

%   

Note      Though  visible  in  the  command-line  help  strings,  the  stack  {control  I  dest-map  I  learning  I  messages  I 
mvid  I  prog-parser  I  span  I  stats  [asic  number  I  port  number  [asic  number]]  keywords  are  not 
supported. 


Command  Modes        Privileged  EXEC 


Command  History        Release  Modification 

12.2(25)SE1  This  command  was  introduced. 


transmit  {port-fifo  I  queue  I 
supervisor-sram}  [asic  number  I 
port  number  [asic  number]] 
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Usage  Guidelines        You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 

representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  port-security 


Use  the  show  platform  port-security  privileged  EXEC  command  to  display  platform-dependent 
port-security  information. 

show  platform  port-security  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  qos 


Use  the  show  platform  qos  privileged  EXEC  command  to  display  platform-dependent  quality  of  service 
(QoS)  information. 

show  platform  qos  {label  asic  number  I  policer  {parameters  asic  number  I 
port  alloc  number  asic  number] }  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description      label  asic  number 


Display  QoS  label  maps  for  the  specified  ASIC. 
(Optional)  For  asic  number,  the  range  is  0  to  1. 


policer  {parameters  asic  number  I 
port  alloc  number  asic  number] 


I  begin 


I  exclude 


I  include 

expression 


Display  policer  information.  The  keywords  have  these 
meanings: 

•  parameters  asic  number — Display  parameter 
information  for  the  specified  ASIC.  The  range  is  0  to  1. 

•  port  alloc  number  asic  number — Display  port  allocation 
information  for  the  specified  port  and  ASIC.  The  port 
allocation  range  is  0  to  25.  The  ASIC  range  is  0  to  1. 

(Optional)  Display  begins  with  the  line  that  matches  the 
expression. 


(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified 
expression. 

Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  resource-manager 

Use  the  show  platform  resource-manager  privileged  EXEC  command  to  display  platform-dependent 
resource-manager  information. 

show  platform  resource-manager  {dm  [index  number]  I  erd  [index  number]  I 

mad  [index  number]  I  med  [index  number]  I  mod  I  msm  [hash-table  [vlan  vlan-id]  I 
mac-address  mac-address  [vlan  vlan-id] }  I  sd  [index  number]  I 
vld  [index  number]}  [  I  [begin  I  exclude  I  include}  expression] 


Syntax  Description       dm  [index  number]        Display  the  destination  map.  The  keyword  has  this  meaning: 


•    index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 
65535. 


erd  [index  number] 

Display  the  equal-cost-route  descriptor  table  for  the  specified  index.  The 

keyword  has  this  meaning: 

•    index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 

65535. 

mad  [index  number] 

Display  the  MAC-address  descriptor  table  for  the  specified  index.  The 

keyword  has  this  meaning: 

•    index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 

65535. 

med  [index  number]      Display  the  multi-expansion  descriptor  table  for  the  specified  index.  The 
keyword  has  this  meaning: 


•  index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 
65535. 

mod  Display  the  resource-manager  module  information. 

Display  the  MAC-address  descriptor  table  and  the  station  descriptor  table 
information.  The  keywords  have  these  meanings: 

•  hash-table  [vlan  vlan-id] — Display  the  hash  table  for  all  VLANs  or  the 
specified  VLAN.  The  range  is  1  to  4094. 

•  mac-address  mac-address  [vlan  vlan-id] — Display  the  MAC-address 
descriptor  table  for  the  specified  MAC  address  represented  by  the  48-bit 
hardware  address  for  all  VLANs  or  the  specified  VLAN.  The  range  is  1 
to  4094. 


sd  [index  number] 

Display  the  station  descriptor  table  for  the  specified  index.  The  keyword  has 
this  meaning: 

•    index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 
65535. 

vld  [index  number] 

Display  the  VLAN-list  descriptor  table  for  the  specified  index.  The  keyword 
has  this  meaning: 

•    index  number — (Optional)  Display  the  specified  index.  The  range  is  0  to 
65535. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

msm  [hash-table 
[vlan  vlan-id]  I 
mac-address 

mac-address  [vlan 
vlan-id] } 
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I  include 

expression 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 
Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History  Release 


12.2(25)SE1 


Modification 


This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  snmp  counters 


Use  the  show  platform  snmp  counters  privileged  EXEC  command  to  display  platform-dependent 
Simple  Network  Management  Protocol  (SNMP)  counter  information. 

show  platform  snmp  counters  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 


I  begin 
I  exclude 


I  include 


expression 


(Optional)  Display  begins  with  the  line  that  matches  the  expression. 
(Optional)  Display  excludes  lines  that  match  the  expression. 


(Optional)  Display  includes  lines  that  match  the  specified  expression. 


Expression  in  the  output  to  use  as  a  reference  point. 


Command  Modes 


Privileged  EXEC 


Command  History 


Release 

12.2(25)SE1 


Modification 

This  command  was  introduced. 


Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  spanning-tree 


Use  the  show  platform  spanning-tree  privileged  EXEC  command  to  display  platform-dependent 
spanning-tree  information. 

show  platform  spanning-tree  synchronization  [detail  I  vlan  vlan-id]  [  I  {begin  I  exclude  I 
include}  expression] 


Syntax  Description 

synchronization 
[detail  1  vlan 

vlan-id] 

Display  spanning-tree  state  synchronization  information.  The  keywords  have 
these  meanings: 

•  detail — (Optional)  Display  detailed  spanning-tree  information. 

•  vlan  vlan-id — (Optional)  Display  VLAN  switch  spanning-tree  information 
for  the  specified  VLAN.  The  range  is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  stp-instance  8S 


show  platform  stp-instance 


Use  the  show  platform  stp-instance  privileged  EXEC  command  to  display  platform-dependent 
spanning-tree  instance  information. 

show  platform  stp-instance  vlan-id  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description 

vlan-id 

Display  spanning-tree  instance  information  for  the  specified  VLAN.  The  range 

is  1  to  4094. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  team 

Use  the  show  platform  team  privileged  EXEC  command  to  display  platform-dependent  ternary  content 
addressable  memory  (TCAM)  driver  information. 

show  platform  team  {handle  number  I  log-results  I  table  {acl  I  all  I  local  I  mac-address  I  qos  I 
station  I  vlan-list}  I  usage}  [asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]] 
I  invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]] 
I  invalid]]  [  I  {begin  I  exclude  I  include]  expression] 

show  platform  team  table  acl  [asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I 
invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]] 
I  invalid]]  [  I  {begin  I  exclude  I  include]  expression] 

show  platform  team  table  all  [asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I 
invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]] 
I  invalid]]  [  I  {begin  I  exclude  I  include]  expression] 

[asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I  invalid  I  num  number  [detail 
[invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude 
I  include]  expression]  [asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I 
invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]] 
I  invalid]]  [  I  {begin  I  exclude  I  include]  expression]show  platform  team  table  local  [asic 
number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I  invalid  I  num  number  [detail 
[invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude 
I  include]  expression] 

show  platform  team  table  mac-address  [asic  number  [detail  [invalid]]  I  [index  number  [detail 
[invalid]]  I  invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail 
[invalid]]  I  invalid]]  [  I  {begin  I  exclude  I  include}  expression] 

[asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I  invalid  I  num  number  [detail 
[invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude 
I  include}  expression]show  platform  team  table  qos  [asic  number  [detail  [invalid]]  I  [index 
number  [detail  [invalid]]  I  invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num 
number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude  I  include}  expression] 

[asic  number  [detail  [invalid]]  I  [index  number  [detail  [invalid]]  I  invalid  I  num  number  [detail 
[invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude 
I  include}  expression]show  platform  team  table  station  [asic  number  [detail  [invalid]]  I 
[index  number  [detail  [invalid]]  I  invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid] 
I  [num  number  [detail  [invalid]]  I  invalid]]  [  I  {begin  I  exclude  I  include}  expression] 

show  platform  team  table  vlan-list  [  [asic  number  [detail  [invalid]]  I  [index  number  [detail 
[invalid]]  I  invalid  I  num  number  [detail  [invalid]]  I  invalid]  I  [invalid]  I  [num  number  [detail 
[invalid]]  I  invalid]]  [  I  {begin  I  exclude  I  include}  expression] 


Syntax  Description      handle  number  Display  the  TCAM  handle.  The  range  is  0  to  4294967295. 

log-results  Display  the  TCAM  log  results. 
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show  platform  team  18 


table  {acl  I  all  I  local  I 
mac-address  I  qos  I  station  I 
vlan-list} 


Display  lookup  and  forwarding  table  information.  The  keywords 
have  these  meanings: 

•  acl — Display  the  access-control  list  (ACL)  table. 

•  all— Display  all  the  TCAM  tables. 

•  local — Display  the  local  table. 

•  mac-address — Display  the  MAC-address  table. 

•  qos — Display  the  QoS  table. 

•  station — Display  the  station  table. 

•  vlan-list — Display  the  VLAN  list  table. 


usage 


Display  the  CAM  and  forwarding  table  usage. 


[[ask  number  [detail  [invalid]]  I 
[index  number  [detail  [invalid]]  I 
invalid  I  num  number  [detail 
[invalid]]  I  invalid]  I  [invalid]  I 
[num  number  [detail  [invalid]]  I 
invalid]] 


Display  information.  The  keywords  have  these  meanings: 

•  asic  number — Display  information  for  the  specified  ASIC 
device  ID.  The  range  is  0  to  15. 

•  detail  [invalid] — (Optional)  Display  valid  or  invalid  details. 

•  index  number — (Optional)  Display  information  for  the 
specified  TCAM  table  index.  The  range  is  0  to  32768. 

•  num  number — (Optional)  Display  information  for  the 
specified  TCAM  table  number.  The  range  is  0  to  32768. 


1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the 

expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified 

expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 

Privileged  EXEC 

Command  History 

Release 

Modification 

12.2(25)SE1 

This  command  was  introduced. 

Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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show  platform  vlan 


Use  the  show  platform  vlan  privileged  EXEC  command  to  display  platform-dependent  VLAN 
information. 

show  platform  vlan  {misc  I  mvid  I  prune  I  refcount  I  rpc  {receive  I  transmit} }  [  I  { hegin  I  exclude 
I  include}  expression] 


Syntax  Description 


misc 

Display  miscellaneous  VLAN  module  information. 

mvid 

Display  the  mapped  VLAN  ID  (MVID)  allocation  information. 

prune 

Display  the  platform-maintained  pruning  database. 

refcount 

Display  the  VLAN  lock  module-wise  reference  counts. 

rpc  {receive  1 

Display  remote  procedure  call  (RPC)  messages.  The  keywords  have  these 

transmit } 

meanings: 

•    receive — Display  received  information. 

•    transmit — Display  sent  information. 

1  begin 

(Optional)  Display  begins  with  the  line  that  matches  the  expression. 

1  exclude 

(Optional)  Display  excludes  lines  that  match  the  expression. 

1  include 

(Optional)  Display  includes  lines  that  match  the  specified  expression. 

expression 

Expression  in  the  output  to  use  as  a  reference  point. 

Command  Modes 


Privileged  EXEC 


Command  History 
Usage  Guidelines 


You  should  use  this  command  only  when  you  are  working  directly  with  your  technical  support 
representative  while  troubleshooting  a  problem.  Do  not  use  this  command  unless  your  technical  support 
representative  asks  you  to  do  so. 

Expressions  are  case  sensitive.  For  example,  if  you  enter  I  exclude  output,  the  lines  that  contain  output 
do  not  appear,  but  the  lines  that  contain  Output  appear. 
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A 

aaa  accounting  dotlx  command  2-1 
aaa  authentication  dotlx  command  2-3 
aaa  authorization  network  command  2-5 
AAA  methods  2-3 
abort  command  2-580 
access  control  entries 

See  ACEs 
access  control  lists 

See  ACLs 
access  groups 

IP  2-121 

MAC,  displaying  2-375 
access  map  configuration  mode  2-191 
access  mode  2-530 
access  ports  2-530 
ACEs  2-71,2-251 
ACLs 

deny  2-69 

displaying  2-285 

for  non-IP  protocols  2-171 

IP  2-121 

matching  2-191 

on  Layer  2  interfaces  2-121 

permit  2-249 
action  command  2-6 
address  aliasing  2-240 
aggregate-port  learner  2-245 
allowed  VLANs  2-544 
apply  command  2-580 
archive  download-sw  command  2-8 
archive  tar  command  2-11 


archive  upload-sw  command  2-14 
audience  xvii 
authentication  failed  VLAN 

See  dotlx  auth-fail  vlan 
auth-fail  max-attempts 

See  dotlx  auth-fail  max-attempts 
auth-fail  vlan 

See  dotlx  auth-fail  vlan 
authorization  state  of  controlled  port  2-96 
autonegotiation  of  duplex  mode  2-104 
auto  qos  voip  command  2-16 

B 

BackboneFast,  for  STP  2-468 
backup  interfaces 

configuring  2-526 

displaying  2-341 
boot  (boot  loader)  command  A-2 
boot  boothlpr  command  2-20 
boot  config-file  command  2-21 
boot  enable-break  command  2-22 
boot  helper  command  2-23 
boot  helper-config  file  command  2-24 
booting 

Cisco  IOS  image  2-27 

displaying  environment  variables  2-293 

interrupting  2-22 

manually  2-25 
boot  loader 

accessing  A-1 
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boot  loader  (continued) 

booting 

Cisco  IOS  image  A-2 

helper  image  2-23 
directories 

creating  A-15 

displaying  a  list  of  A-7 

removing  A-19 
displaying 

available  commands  A-12 

memory  heap  utilization  A-14 

version  A-26 
environment  variables 

described  A-20 

displaying  settings  A-20 

location  of  A-21 

setting  A-20 

unsetting  A-24 
files 

copying  A-5 

deleting  A-6 

displaying  a  list  of  A-7 

displaying  the  contents  of    A-4,  A-16,  A-23 

renaming  A-17 
file  system 

formatting  A-10 

initializing  flash  A-9 

running  a  consistency  check  A-11 
loading  helper  images  A-13 
resetting  the  system  A-18 
boot  manual  command  2-25 
boot  private-config-file  command  2-26 
boot  system  command  2-27 
BPDU  filtering,  for  spanning  tree    2-469, 2-503 
BPDU  guard,  for  spanning  tree    2-471, 2-503 
broadcast  storm  control  2-521 


c 

candidate  switches 

See  clusters 
cat  (boot  loader)  command  A-4 
caution,  description  xviii 
channel-group  command  2-28 
channel-protocol  command  2-31 
Cisco  Network  Assistant 

See  Network  Assistant  xviii 
Cisco  SoftPhone 

auto-QoS  configuration  2-16 

trusting  packets  sent  from  2-231 
class  command  2-32 
class-map  command  2-34 
class  maps 

creating  2-34 

defining  the  match  criteria  2-193 

displaying  2-297 
class  of  service 

See  CoS 
clear  dotlx  command  2-36 
clear  eap  sessions  command  2-37 
clear  errdisable  interface  2-38 
clear  ip  dhcp  snooping  database  command  2-39 
clear  lacp  command  2-41 
clear  mac  address-table  command    2-42, 2-43 
clear  pagp  command  2-44 
clear  port-security  command  2-45 
clear  spanning-tree  counters  command  2-47 
clear  spanning-tree  detected-protocols  command  2-48 
clear  vmps  statistics  command  2-49 
clear  vtp  counters  command  2-50 
cluster  commander-address  command  2-51 
cluster  discovery  hop-count  command  2-53 
cluster  enable  command  2-55 
cluster  holdtime  command  2-57 
cluster  member  command  2-58 
cluster  outside-interface  command  2-60 
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cluster  requirements  xviii 
cluster  run  command  2-61 
clusters 

adding  candidates  2-58 

binding  to  HSRP  group  2-62 

building  manually  2-58 

communicating  with 
devices  outside  the  cluster  2-60 
members  by  using  Telnet  2-268 

debug  messages,  display  B-5 

displaying 
candidate  switches  2-300 
debug  messages  B-5 
member  switches  2-302 
status  2-298 

hop-count  limit  for  extended  discovery  2-53 

HSRP  standby  groups  2-62 

redundancy  2-62 

SNMP  trap  2-459 
cluster  standby-group  command  2-62 
cluster  timer  command  2-64 
command  modes  defined  1-1 
command  switch 

See  clusters 
configuration,  initial 

See  getting  started  guide  and  hardware  installation  guide 
configuration  files 

password  recovery  disable  considerations  A-1 

specifying  the  name    2-21, 2-26 
configuring  multiple  interfaces  2-117 
config-vlan  mode 

commands  2-567 

description  1-4 

entering  2-566 

summary  1-2 
conventions 

command  xvii 

for  examples  xviii 


conventions  (continued) 

publication  xvii 

text  xvii 
copy  (boot  loader)  command  A-5 
CoS 

assigning  default  value  to  incoming  packets  2-201 

overriding  the  incoming  value  2-201 
CoS-to-DSCP  map  2-205 
CPU  ASIC  statistics,  displaying  2-304 
crashinfo  files  2-110 


D 

debug  auto  qos  command  B-2 

debug  backup  command  B-4 

debug  cluster  command  B-5 

debug  dotlx  command  B-7 

debug  dtp  command  B-8 

debug  eap  command  B-9 

debug  etherchannel  command  B-10 

debug  interface  command  B-11 

debug  ip  igmp  filter  command  B-12 

debug  ip  igmp  max-groups  command  B-13 

debug  ip  igmp  snooping  command  B-14 

debug  lacp  command  B-15 

debug  mac-notification  command  B-16 

debug  matm  command  B-17 

debug  matm  move  update  command  B-18 

debug  monitor  command  B-19 

debug  mvrdbg  command  B-20 

debug  nvram  command  B-21 

debug  pagp  command  B-22 

debug  platform  acl  command  B-23 

debug  platform  backup  interface  command  B-24 

debug  platform  cpu-queues  command  B-25 

debug  platform  dotlx  command  B-27 

debug  platform  etherchannel  command  B-28 

debug  platform  forw-tcam  command  B-29 

debug  platform  ip  dhcp  command  B-30 
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debug 

platform  ip  igmp  snooping  command 

B-31 

debug 

platform  led  command  B-33 

debug 

platform  matm  command  B-34 

debug 

platform  messaging  application  command  B-35 

debug 

platform  phy  command  B-36 

debug 

platform  pm  command  B-38 

debug 

platform  port-asic  command  B-40 

debug 

platform  port-security  command  B-41 

debug 

platform  qos-acl-tcam  command  B-42 

debug 

platform  remote-commands  command 

B-43 

debug 

platform  resource-manager  command 

B-44 

debug 

platform  snmp  command  B-45 

debug 

platform  span  command  B-46 

debug 

platform  supervisor-asic  command  B-47 

debug 

platform  sw-bridge  command  B-48 

debug 

platform  team  command  B-49 

debug 

platform  udld  command  B-51 

debug 

platform  vlan  command  B-52 

debug 

pm  command  B-53 

debug 

port-security  command  B-55 

debug 

qos-manager  command  B-56 

debug 

spanning-tree  backbonefast  command 

B-59 

debug 

spanning-tree  bpdu  command  B-60 

debug 

spanning-tree  bpdu-opt  command  B-61 

debug 

spanning-tree  command  B-57 

debug 

spanning-tree  mstp  command  B-62 

debug 

spanning-tree  switch  command  B-64 

debug 

spanning-tree  uplinkfast  command  B-66 

debug 

sw-vlan  command  B-67 

debug 

sw-vlan  ifs  command  B-69 

debug 

sw-vlan  notification  command  B-70 

debug 

sw-vlan  vtp  command  B-71 

debug 

udld  command  B-73 

debug 

vqpc  command  B-75 

define 

interface-range  command  2-66 

delete 

(boot  loader)  command  A-6 

delete 

command  2-68 

deny  command  2-69 

detect  mechanism,  causes  2-105 


device  manager  requirements  xviii 
DHCP  snooping 
enabling 
on  a  VLAN  2-134 
option  82  2-129 
trust  on  an  interface  2-132 
error  recovery  timer  2-107 
rate  limiting  2-131 
DHCP  snooping  binding  database 
bindings 

displaying  2-354 
clearing  database  agent  statistics  2-39 
displaying 
binding  entries  2-354 
database  agent  status  2-356 
dir  (boot  loader)  command  A-7 
directories,  deleting  2-68 
documentation,  related  xviii 
document  conventions  xvii 
domain  name,  VTP    2-589, 2-593 


dot] 

X 

auth-fail  max-attempts  2-74 

dot] 

X 

auth-fail  vlan  2-76 

dot] 

X 

command  2-72 

dot] 

X 

control-direction  command  2-78 

dot] 

X 

critical  global  configuration  command  2-80 

dot] 

X 

critical  interface  configuration  command  2-82 

dot] 

X 

default  command  2-84 

dot] 

X 

fallback  command  2-85 

dot] 

X 

guest-vlan  command  2-86 

dot] 

X 

host-mode  command  2-89 

dot] 

X 

initialize  command  2-90 

dot] 

X 

mac-auth-bypass  command  2-91 

dot] 

X 

max-reauth-req  command  2-93 

dot] 

X 

max-req  command  2-94 

dot] 

X 

pae  command  2-95 

dot] 

X 

port-control  command  2-96 

dot] 

X 

re-authenticate  command  2-98 

dot] 

X 

reauthentication  command  2-99 

dot] 

X 

timeout  command  2-100 
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dropping  packets,  with  ACL  matches  2-6 
DSCP-to-CoS  map  2-205 
DSCP-to-DSCP-mutation  map  2-205 
DTP  2-531 
DTP  flap 

error  detection  for  2-105 

error  recovery  timer  2-107 
DTP  negotiation  2-532 
duplex  command  2-103 
dynamic-access  ports 

configuring  2-524 

restrictions  2-524 
dynamic  auto  VLAN  membership  mode  2-530 
dynamic  desirable  VLAN  membership  mode  2-530 
Dynamic  Host  Configuration  Protocol  (DHCP) 

See  DHCP  snooping 
Dynamic  Trunking  Protocol 

See  DTP 


E 

EAP-request/identity  frame 
maximum  number  to  send  2-94 
response  time  before  retransmitting  2-100 

environment  variables,  displaying  2-293 

errdisable  detect  cause  command  2-105 

errdisable  recovery  command  2-107 

error  conditions,  displaying  2-330 

error  disable  detection  2-105 

error-disabled  interfaces,  displaying  2-341 

EtherChannel 
assigning  Ethernet  interface  to  channel  group  2-28 
creating  port-channel  logical  interface  2-115 
debug  EtherChannel/PAgP,  display  B-10 
debug  platform-specific  events,  display  B-28 
displaying  2-334 

interface  information,  displaying  2-341 


EtherChannel  (continued) 

LACP 

clearing  channel-group  information  2-41 
debug  messages,  display  B-15 
displaying  2-369 
modes  2-28 

port  priority  for  hot-standby  ports  2-159 

restricting  a  protocol  2-31 

system  priority  2-161 
load-distribution  methods  2-259 
PAgP 

aggregate-port  learner  2-245 

clearing  channel-group  information  2-44 

debug  messages,  display  B-22 

displaying  2-419 

error  detection  for  2-105 

error  recovery  timer  2-107 

learn  method  2-245 

modes  2-28 

physical-port  learner  2-245 

priority  of  interface  for  transmitted  traffic  2-247 
Ethernet  controller,  internal  register  display  2-306 
Ethernet  statistics,  collecting  2-273 
examples,  conventions  for  xviii 
exception  crashinfo  command  2-110 
exit  command  2-580 

extended  discovery  of  candidate  switches  2-53 
extended-range  VLANs 

and  allowed  VLAN  list  2-544 

and  pruning-eligible  list  2-544 

configuring  2-566 
extended  system  ID  for  STP  2-477 

F 

fallback  profile  command  2-111 
fallback  profiles 

displaying  2-337 
fan  information,  displaying  2-326 


I  380265-003 


Cisco  Gigabit  Ethernet  Switch  Module  for  HP  BladeSystem  p-Class  Command  Reference  Guide  ■ 


IN-5 


M Index 


file  name,  VTP  2-589 

files,  deleting  2-68 

flash_init  (boot  loader)  command  A-9 

Flex  Links 

configuring  2-526 

displaying  2-341 
flowcontrol  command  2-113 
format  (boot  loader)  command  A-10 
forwarding  packets,  with  ACL  matches  2-6 
forwarding  results,  display  C-6 
frame  forwarding  information,  displaying  C-6 
fsck  (boot  loader)  command  A-11 

G 

global  configuration  mode    1-2, 1-3 

H 

hardware  ACL  statistics  2-285 

help  (boot  loader)  command  A-12 

hierarchical  policy  maps  2-257 

hop-count  limit  for  clusters  2-53 

host  connection,  port  configuration  2-529 

Hot  Standby  Router  Protocol 

See  HSRP 
HSRP 

binding  HSRP  group  to  cluster  2-62 
standby  group  2-62 

I 

IEEE  802.  lx 

and  switchport  modes  2-531 

violation  error  recovery  2-107 

See  also  port-based  authentication 
IEEE  802.  IX  Port  Based  Authentication 

enabling  guest  VLAN  supplicant    2-75, 2-85, 2-112 


IGMP  filters 

applying  2-135 

debug  messages,  display  B-12 
IGMP  groups,  setting  maximum  2-137 
IGMP  maximum  groups,  debugging  B-13 
IGMP  profiles 

creating  2-139 

displaying  2-359 
IGMP  snooping 

adding  ports  as  a  static  member  of  a  group  2-155 

displaying    2-360, 2-365, 2-367 

enabling  2-141 

enabling  the  configurable-leave  timer  2-143 
enabling  the  Immediate-Leave  feature  2-152 
flooding  query  count  2-149 

interface  topology  change  notification  behavior  2-151 

multicast  table  2-363 

querier  2-145 

query  solicitation  2-149 

report  suppression  2-147 

switch  topology  change  notification  behavior  2-149 
images 

See  software  images 
Immediate-Leave  feature,  MVR  2-242 
immediate-leave  processing  2-152 
initial  configuration 

See  getting  started  guide  and  hardware  installation  guide 
interface  configuration  mode    1-2, 1-4 
interface  port-channel  command  2-115 
interface  range  command  2-117 
interface-range  macros  2-66 
interfaces 

assigning  Ethernet  interface  to  channel  group  2-28 

configuring  2-103 

configuring  multiple  2-117 

creating  port-channel  logical  2-115 

debug  messages,  display  B-11 

disabling  2-457 
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interfaces  (continued) 

displaying  the  MAC  address  table  2-387 

restarting  2-457 
interface  speed,  configuring  2-513 
interface  vlan  command  2-120 
internal  registers,  displaying    2-306, 2-313 
Internet  Group  Management  Protocol 

See  IGMP 
invalid  GBIC 

error  detection  for  2-105 

error  recovery  timer  2-107 
ip  access-group  command  2-121 
ip  address  command  2-123 
IP  addresses,  setting  2-123 
IP  address  matching  2-191 
ip  admission  command  2-125 
ip  admission  name  proxy  http  command  2-126 
IP  DHCP  snooping 

See  DHCP  snooping 

ip  dhcp  snooping  command  2-128 

ip  dhcp  snooping  information  option  command  2-129 

ip  dhcp  snooping  limit  rate  command  2-131 

ip  dhcp  snooping  trust  command  2-132 

ip  dhcp  snooping  verify  command  2-133 

ip  dhcp  snooping  vlan  command  2-134 

ip  igmp  filter  command  2-135 

ip  igmp  max-groups  command  2-137 

ip  igmp  profile  command  2-139 

ip  igmp  snooping  command  2-141 

ip  igmp  snooping  last-member-query-interval 
command  2-143 

ip  igmp  snooping  querier  command  2-145 

ip  igmp  snooping  report-suppression  command  2-147 

ip  igmp  snooping  ten  command  2-149 

ip  igmp  snooping  ten  flood  command  2-151 

ip  igmp  snooping  vlan  immediate-leave  command  2-152 

ip  igmp  snooping  vlan  mrouter  command  2-153 

ip  igmp  snooping  vlan  static  command  2-155 

IP  multicast  addresses  2-239 


IP  phones 

auto-QoS  configuration  2-16 

trusting  packets  sent  from  2-231 
IP-precedence-to-DSCP  map  2-205 
IP  source  guard 

displaying 
dynamic  binding  entries  only  2-354 
ip  ssh  command  2-157 

J 

jumbo  frames 
See  MTU 

L 

LACP 

See  EtherChannel 
lacp  port-priority  command  2-159 
lacp  system-priority  command  2-161 
Layer  2  traceroute 

IP  addresses  2-557 

MAC  addresses  2-554 
line  configuration  mode    1-2, 1-5 
Link  Aggregation  Control  Protocol 

See  EtherChannel 
link  flap 

error  detection  for  2-105 

error  recovery  timer  2-107 
link  state  group  command  2-163 
link  state  track  command  2-165 
load_helper  (boot  loader)  command  A-13 
load-distribution  methods  for  EtherChannel  2-259 
logging  event  command  2-166 
logging  file  command  2-167 
logical  interface  2-115 
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loopback  error 

detection  for  2-105 

recovery  timer  2-107 
loop  guard,  for  spanning  tree    2-478, 2-482 


M 

mac  access-group  command  2-169 
MAC  access-groups,  displaying  2-375 
MAC  access  list  configuration  mode  2-171 
mac  access-list  extended  command  2-171 
MAC  access  lists  2-69 
MAC  addresses 
displaying 

aging  time  2-381 

all  2-379 

dynamic  2-385 

MAC  address-table  move  updates  2-389 

notification  settings  2-391 

number  of  addresses  in  a  VLAN  2-383 

per  interface  2-387 

per  VLAN  2-395 

static  2-393 

static  and  dynamic  entries  2-377 
dynamic 

aging  time  2-173 

deleting  2-42 

displaying  2-385 
enabling  MAC  address  notification  2-176 
enabling  MAC  address-table  move  update  2-174 
matching  2-191 
static 

adding  and  removing  2-178 

displaying  2-393 

dropping  on  an  interface  2-179 
tables  2-379 
mac  address  notification,  debugging  B-16 
mac  address-table  aging-time  2-169,2-191 
mac  address-table  aging-time  command  2-173 


mac  address-table  move  update  command  2-174 

mac  address-table  notification  command  2-176 

mac  address-table  static  command  2-178 

mac  address-table  static  drop  command  2-179 

macro  apply  command  2-181 

macro  description  command  2-184 

macro  global  command  2-185 

macro  global  description  command  2-188 

macro  name  command  2-189 

macros 

adding  a  description  2-184 

adding  a  global  description  2-188 

applying  2-185 

creating  2-189 

displaying  2-421 

interface  range  2-66,2-117 

specifying  parameter  values  2-185 

tracing  2-185 
manual 

audience  xvii 

purpose  of  xvii 
maps 

QoS 
defining  2-205 
displaying  2-405 

VLAN 
creating  2-577 
defining  2-191 
displaying  2-448 
match  (access-map  configuration)  command  2-191 
match  (class-map  configuration)  command  2-193 
maximum  transmission  unit 

See  MTU 
mdix  auto  command  2-195 
member  switches 

See  clusters 
memory  (boot  loader)  command  A-14 
mkdir  (boot  loader)  command  A-15 
mis  qos  aggregate-policer  command  2-199 
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mis 

qos  command  2-197 

mis 

qos  cos  command  2-201 

mis 

qos  dscp-mutation  command  2-203 

mis 

qos  map  command  2-205 

mis 

qos  queue-set  output  buffers  command 

2-209 

mis 

qos  queue-set  output  threshold  command 

2-211 

mis 

qos  rewrite  ip  dscp  command  2-213 

mis 

qos  srr-queue  input  bandwidth  command 

2-215 

mis 

qos  srr-queue  input  buffers  command  2-217 

mis 

qos-srr-queue  input  cos-map  command 

2-219 

mis 

qos  srr-queue  input  dscp-map  command 

2-221 

mis 

qos  srr-queue  input  priority-queue  command  2-223 

mis 

qos  srr-queue  input  threshold  command 

2-225 

mis 

qos-srr-queue  output  cos-map  command 

2-227 

mis 

qos  srr-queue  output  dscp-map  command 

2-229 

mis 

qos  trust  command  2-231 

mis 

qos  vlan-based  command  2-233 

mode,  MVR  2-239 

Mode  button,  and  password  recovery  2-274 
modes,  commands  1-1 
monitor  session  command  2-234 
more  (boot  loader)  command  A-16 
MSTP 
displaying  2-431 
interoperability  2-48 
link  type  2-480 
MST  region 
aborting  changes  2-486 
applying  changes  2-486 
configuration  name  2-486 
configuration  revision  number  2-486 
current  or  pending  display  2-486 
displaying  2-431 
MST  configuration  mode  2-486 
VLANs-to-instance  mapping  2-486 
path  cost  2-488 
protocol  mode  2-484 
restart  protocol  migration  process  2-48 
root  port 


MSTP  (continued) 
loop  guard  2-478 

preventing  from  becoming  designated  2-478 
restricting  which  can  be  root  2-478 
root  guard  2-478 
root  switch 

affects  of  extended  system  ID  2-477 

hello-time  2-491,2-499 

interval  between  BDPU  messages  2-492 

interval  between  hello  BPDU  messages    2-491, 2-499 

max-age  2-492 

maximum  hop  count  before  discarding  BPDU  2-493 

port  priority  for  selection  of  2-495 

primary  or  secondary  2-499 

switch  priority  2-498 
state  changes 

blocking  to  forwarding  state  2-505 

enabling  BPDU  filtering    2-469, 2-503 

enabling  BPDU  guard    2-471, 2-503 

enabling  Port  Fast    2-503, 2-505 

forward-delay  time  2-490 

length  of  listening  and  learning  states  2-490 

rapid  transition  to  forwarding  2-480 

shutting  down  Port  Fast-enabled  ports  2-503 
state  information  display  2-430 
MTU 

configuring  size  2-551 

displaying  global  setting  2-438 
multicast  group  address,  MVR  2-242 
multicast  groups,  MVR  2-240 
multicast  router  learning  method  2-153 
multicast  router  ports,  configuring  2-153 
multicast  storm  control  2-521 
multicast  VLAN,  MVR  2-239 
multicast  VLAN  registration 

See  MVR 

multiple  hosts  on  authorized  port  2-89 
Multiple  Spanning  Tree  Protocol 
See  MSTP 
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MVR 

and  address  aliasing  2-240 
configuring  2-239 
configuring  interfaces  2-242 
debug  messages,  display  B-20 
displaying  2-413 

displaying  interface  information  2-415 

members,  displaying  2-417 
mvr  (global  configuration)  command  2-239 
mvr  (interface  configuration)  command  2-242 
mvr  vlan  group  command  2-243 


N 

native  VLANs  2-544 

Network  Assistant  requirements  xviii 

nonegotiate 

DTP  messaging  2-532 
nonegotiate,  speed  2-513 
non-IP  protocols 

denying  2-69 

forwarding  2-249 
non-IP  traffic  access  lists  2-171 
non-IP  traffic  forwarding 

denying  2-69 

permitting  2-249 
normal-range  VLANs    2-566, 2-571 
note,  description  xviii 
no  vlan  command    2-566, 2-575 

P 

PAgP 

See  EtherChannel 

pagp  learn-method  command  2-245 

pagp  port-priority  command  2-247 

password,  VTP    2-589, 2-593 

password-recovery  mechanism,  enabling  and 
disabling  2-274 


permit  (MAC  access-list  configuration)  command  2-249 
per- VLAN  spanning-tree  plus 

See  STP 
physical-port  learner  2-245 
PID,  displaying  2-351 

PIM-DVMRP,  as  multicast  router  learning  method  2-153 
police  aggregate  command  2-254 
police  command  2-252 
policed-DSCP  map  2-205 
policy-map  command  2-256 
policy  maps 
applying  to  an  interface    2-276, 2-280 
creating  2-256 
displaying  2-424 
hierarchical  2-257 
policers 
displaying  2-398 
for  a  single  class  2-252 
for  multiple  classes    2-199, 2-254 
policed-DSCP  map  2-205 
traffic  classification 
defining  the  class  2-32 
defining  trust  states  2-559 
setting  DSCP  or  IP  precedence  values  2-278 
Port  Aggregation  Protocol 

See  EtherChannel 
port-based  authentication 
AAA  method  list  2-3 
debug  messages,  display  B-7 
enabling  IEEE  802.  lx 
globally  2-72 
per  interface  2-96 
guest  VLAN  2-86 
host  modes  2-89 

IEEE  802. lx  AAA  accounting  methods  2-1 
initialize  an  interface  2-90 
MAC  authentication  bypass  2-91 
manual  control  of  authorization  state  2-96 
multiple  hosts  on  authorized  port  2-89 
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port-based  authentication  (continued) 

PAE  as  authenticator  2-95 
periodic  re-authentication 
enabling  2-99 

time  between  attempts  2-100 

quiet  period  between  failed  authentication 
exchanges  2-100 

re-authenticating  IEEE  802.1x-enabled  ports  2-98 

resetting  configurable  IEEE  802.  lx  parameters  2-84 

switch-to-authentication  server  retransmission 
time  2-100 

switch-to-client  frame-retransmission 
number    2-93  to  2-94 

switch-to-client  retransmission  time  2-100 
port-channel  load-balance  command  2-259 
Port  Fast,  for  spanning  tree  2-505 
port  ranges,  defining  2-66 
ports,  debugging  B-53 
ports,  protected  2-543 
port  security 

aging  2-539 

debug  messages,  display  B-55 

enabling  2-534 

violation  error  recovery  2-107 
port  trust  states  for  QoS  2-231 
port  types,  MVR  2-242 
power  information,  displaying  2-326 
priority-queue  command  2-261 
privileged  EXEC  mode    1  -2, 1  -3 
product  identification  information,  displaying  2-351 
protected  ports,  displaying  2-347 
pruning 

VLANs  2-544 

VTP 

displaying  interface  information  2-341 

enabling    2-589, 2-593 
pruning-eligible  VLAN  list  2-546 
PVST+ 
See  STP 


Q 

QoS 
auto-QoS 

configuring  2-16 

debug  messages,  display  B-2 

displaying  2-289 
class  maps 

creating  2-34 

defining  the  match  criteria  2-193 

displaying  2-297 
defining  the  CoS  value  for  an  incoming  packet  2-201 
displaying  configuration  information    2-289, 2-397 
DSCP  transparency  2-213 
DSCP  trusted  ports 

applying  DSCP-to-DSCP-mutation  map  to  2-203 

defining  DSCP-to-DSCP-mutation  map  2-205 
egress  queues 

allocating  buffers  2-209 

defining  the  CoS  output  queue  threshold  map  2-227 

defining  the  DSCP  output  queue  threshold  map  2-229 

displaying  buffer  allocations  2-401 

displaying  CoS  output  queue  threshold  map  2-405 

displaying  DSCP  output  queue  threshold  map  2-405 

displaying  queueing  strategy  2-401 

displaying  queue-set  settings  2-408 

enabling  bandwidth  shaping  and  scheduling  2-517 

enabling  bandwidth  sharing  and  scheduling  2-519 

limiting  the  maximum  output  on  a  port  2-515 

mapping  a  port  to  a  queue-set  2-263 

mapping  CoS  values  to  a  queue  and  threshold  2-227 

mapping  DSCP  values  to  a  queue  and  threshold  2-229 

setting  maximum  and  reserved  memory 
allocations  2-211 

setting  WTD  thresholds  2-211 
enabling  2-197 
ingress  queues 

allocating  buffers  2-217 

assigning  SRR  scheduling  weights  2-215 
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QoS  (continued) 

defining  the  CoS  input  queue  threshold  map  2-219 
defining  the  DSCP  input  queue  threshold  map  2-221 
displaying  buffer  allocations  2-401 
displaying  CoS  input  queue  threshold  map  2-405 
displaying  DSCP  input  queue  threshold  map  2-405 
displaying  queueing  strategy  2-401 
displaying  settings  for  2-399 
enabling  the  priority  queue  2-223 
mapping  CoS  values  to  a  queue  and  threshold  2-219 
mapping  DSCP  values  to  a  queue  and  threshold  2-221 
setting  WTD  thresholds  2-225 
maps 

defining    2-205, 2-21 9, 2-221 , 2-227, 2-229 

displaying  2-405 
policy  maps 

applying  an  aggregate  policer  2-254 

applying  to  an  interface    2-276, 2-280 

creating  2-256 

defining  policers  2-199,2-252 

displaying  policers  2-398 

displaying  policy  maps  2-424 

hierarchical  2-257 

policed-DSCP  map  2-205 

setting  DSCP  or  IP  precedence  values  2-278 

traffic  classifications  2-32 

trust  states  2-559 
port  trust  states  2-231 
queues,  enabling  the  expedite  2-261 
statistics 

in-profile  and  out-of-profile  packets  2-401 

packets  enqueued  or  dropped  2-401 

sent  and  received  CoS  values  2-401 

sent  and  received  DSCP  values  2-401 
trusted  boundary  for  IP  phones  2-231 
VLAN-based  2-233 
quality  of  service 
See  QoS 


querytime,  MVR  2-239 
queue-set  command  2-263 


radius-server  dead-criteria  command  2-264 
radius-server  host  command  2-266 
rapid  per-VLAN  spanning-tree  plus 

See  STP 
rapid  PVST+ 

See  STP 
rcommand  command  2-268 

re-authenticating  IEEE  802.1x-enabled  ports  2-98 
re-authentication 
periodic  2-99 

time  between  attempts  2-100 
receiver  ports,  MVR  2-242 
receiving  flow-control  packets  2-113 
recovery  mechanism 

causes  2-107 

display    2-38,  2-295,  2-328,  2-332 

timer  interval  2-107 
redundancy  for  cluster  switches  2-62 
remote-span  command  2-270 
Remote  Switched  Port  Analyzer 

See  RSPAN 
rename  (boot  loader)  command  A-17 
requirements 

cluster  xviii 

device  manager  xviii 

Network  Assistant  xviii 
reset  (boot  loader)  command  A-18 
reset  command  2-580 
restricted  VLAN 

See  dotlx  auth-fail  vlan 
rmdir  (boot  loader)  command  A-19 
rmon  collection  stats  command  2-273 
root  guard,  for  spanning  tree  2-478 
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RSPAN 
configuring  2-234 
displaying  2-411 
filter  RSPAN  traffic  2-234 
remote-span  command  2-270 
sessions 

add  interfaces  to  2-234 

displaying  2-411 

start  new  2-234 


s 

secure  ports,  limitations  2-536 

sending  flow-control  packets  2-113 

service  password-recovery  command  2-274 

service-policy  command  2-276 

set  (boot  loader)  command  A-20 

set  command  2-278 

setup  command  2-280 

setup  express  command  2-283 

show  access-lists  command  2-285 

show  archive  status  command  2-288 

show  auto  qos  command  2-289 

show  boot  command  2-293 

show  cable-diagnostics  tdr  command  2-295 

show  changes  command  2-580 

show  class-map  command  2-297 

show  cluster  candidates  command  2-300 

show  cluster  command  2-298 

show  cluster  members  command  2-302 

show  controllers  cpu-interface  command  2-304 

show  controllers  ethernet-controller  command  2-306 

show  controllers  team  command  2-313 

show  controller  utilization  command  2-315 

show  current  command  2-580 

show  dotlx  command  2-317 

show  dtp  2-321 

show  eap  command  2-323 

show  env  command  2-326 


show  errdisable  detect  command  2-328 

show  errdisable  flap-values  command  2-330 

show  errdisable  recovery  command  2-332 

show  etherchannel  command  2-334 

show  fallback  profile  command  2-337 

show  flowcontrol  command  2-339 

show  interfaces  command  2-341 

show  interfaces  counters  command  2-349 

show  inventory  command  2-351 

show  ip  dhep  snooping  binding  command  2-354 

show  ip  dhep  snooping  command  2-353 

show  ip  dhep  snooping  database  command  2-356 

show  ip  igmp  profile  command  2-359 

show  ip  igmp  snooping  command  2-360 

show  ip  igmp  snooping  groups  command  2-363 

show  ip  igmp  snooping  mrouter  command  2-365 

show  ip  igmp  snooping  querier  command  2-367 

show  lacp  command  2-369 

show  link  state  group  command  2-373 

show  mac  access-group  command  2-375 

show  mac  address-table  address  command  2-379 

show  mac  address-table  aging  time  command  2-381 

show  mac  address-table  command  2-377 

show  mac  address-table  count  command  2-383 

show  mac  address-table  dynamic  command  2-385 

show  mac  address-table  interface  command  2-387 

show  mac  address-table  move  update  command  2-389 

show  mac  address-table  notification  command    2-43, 2-391, 
B-18 

show  mac  address-table  static  command  2-393 
show  mac  address-table  vlan  command  2-395 
show  mis  qos  aggregate-policer  command  2-398 
show  mis  qos  command  2-397 
show  mis  qos  input-queue  command  2-399 
show  mis  qos  interface  command  2-401 
show  mis  qos  maps  command  2-405 
show  mis  qos  queue-set  command  2-408 
show  mis  qos  vlan  command  2-410 
show  monitor  command  2-411 
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show  mvr  command  2-413 

show  mvr  interface  command  2-415 

show  mvr  members  command  2-417 

show  pagp  command  2-419 

show  parser  macro  command  2-421 

show  platform  acl  command  C-2 

show  platform  backup  interface  command  C-3 

show  platform  configuration  command  C-4 

show  platform  etherchannel  command  C-5 

show  platform  forward  command  C-6 

show  platform  igmp  snooping  command  C-8 

show  platform  layer4op  command  C-10 

show  platform  mac-address-table  command  C-11 

show  platform  messaging  command  C-12 

show  platform  monitor  command  C-13 

show  platform  mvr  table  command  C-14 

show  platform  pm  command  C-15 

show  platform  port-asic  command  C-16 

show  platform  port-security  command  C-21 

show  platform  qos  command  C-22 

show  platform  resource-manager  command  C-23 

show  platform  snmp  counters  command  C-25 

show  platform  spanning-tree  command  C-26 

show  platform  stp-instance  command  C-27 

show  platform  team  command  C-28 

show  platform  vlan  command  C-30 

show  policy-map  command  2-424 

show  port  security  command  2-426 

show  proposed  command  2-580 

show  setup  express  command  2-429 

show  spanning-tree  command  2-430 

show  storm-control  command  2-436 

show  system  mtu  command  2-438 

show  trust  command  2-559 

show  udld  command  2-439 

show  version  command  2-442 

show  vlan  access-map  command  2-448 

show  vlan  command  2-444 

show  vlan  command,  fields  2-445 


show  vlan  filter  command  2-449 
show  vmps  command  2-450 
show  vtp  command  2-453 
shutdown  command  2-457 
shutdown  vlan  command  2-458 
Smartports  macros 

See  macros 
SNMP  host,  specifying  2-462 
SNMP  informs,  enabling  the  sending  of  2-459 
snmp-server  enable  traps  command  2-459 
snmp-server  host  command  2-462 
snmp  trap  mac-notification  command  2-466 
SNMP  traps 

enabling  MAC  address  notification  trap  2-466 

enabling  the  MAC  address  notification  feature  2-176 

enabling  the  sending  of  2-459 
SoftPhone 

See  Cisco  SoftPhone 
software  images 

deleting  2-68 

downloading  2-8 

upgrading  2-8 

uploading  2-14 
software  version,  displaying  2-442 
source  ports,  MVR  2-242 
SPAN 

configuring  2-234 

debug  messages,  display  B-19 

displaying  2-411 

filter  SPAN  traffic  2-234 

sessions 
add  interfaces  to  2-234 
displaying  2-411 
start  new  2-234 
spanning  2-507 

spanning-tree  backbonefast  command  2-468 
spanning-tree  bpdufilter  command  2-469 
spanning-tree  bpduguard  command  2-471 
spanning-tree  cost  command  2-473 
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spanning- 

-tree 

etherchannel  command  2-475 

spanning- 

-tree 

extend  system-id  command  2-477 

spanning- 

-tree 

guard  command  2-478 

spanning 

-tree 

link-type  command  2-480 

spanning 

-tree 

loopguard  default  command  2-482 

spanning 

-tree 

mode  command  2-484 

spanning 

-tree 

mst  configuration  command  2-486 

spanning- 

-tree 

mst  cost  command  2-488 

spanning 

-tree 

mst  forward-time  command  2-490 

spanning 

-tree 

mst  hello-time  command  2-491 

spanning- 

-tree 

mst  max-age  command  2-492 

cnflnnino 
ajjtiiiiiiiig 

-tree 
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spanning 

-tree 

mst  port-priority  command  2-495 

spanning- 

-tree 

mst  pre-standard  command  2-497 

spanning 

-tree 

mst  priority  command  2-498 

spanning 

-tree 

mst  root  command  2-499 

spanning 

-tree 

portfast  (global  configuration) 

command  2-503 

spanning-tree  portfast  (interface  configuration) 
command  2-505 

spanning-tree  port-priority  command  2-501 

Spanning  Tree  Protocol 


See  STP 

spanning-tree  transmit  hold-count  command  2-507 

spanning-tree  uplinkfast  command  2-508 

spanning-tree  vlan  command  2-510 

speed  command  2-513 

srr-queue  bandwidth  limit  command  2-515 

srr-queue  bandwidth  shape  command  2-517 

srr-queue  bandwidth  share  command  2-519 

SSH,  configuring  version  2-157 

static-access  ports,  configuring  2-524 

statistics,  Ethernet  group  2-273 

sticky  learning,  enabling  2-534 

storm-control  command  2-521 

STP 

BackboneFast  2-468 
counters,  clearing  2-47 
debug  messages,  display 


STP  (continued) 

BackboneFast  events  B-59 
MSTP  B-62 

optimized  BPDUs  handling  B-61 
spanning-tree  activity  B-57 
switch  shim  B-64 

transmitted  and  received  BPDUs  B-60 

UplinkFast  B-66 
detection  of  indirect  link  failures  2-468 
EtherChannel  misconfiguration  2-475 
extended  system  ID  2-477 
path  cost  2-473 
protocol  modes  2-484 
root  port 

accelerating  choice  of  new  2-508 

loop  guard  2-478 

preventing  from  becoming  designated  2-478 
restricting  which  can  be  root  2-478 
root  guard  2-478 
UplinkFast  2-508 
root  switch 

affects  of  extended  system  ID    2-477, 2-511 
hello-time  2-510 

interval  between  BDPU  messages  2-510 
interval  between  hello  BPDU  messages  2-510 
max-age  2-510 

port  priority  for  selection  of  2-501 
primary  or  secondary  2-510 
switch  priority  2-510 
state  changes 
blocking  to  forwarding  state  2-505 
enabling  BPDU  filtering    2-469, 2-503 
enabling  BPDU  guard    2-471, 2-503 
enabling  Port  Fast    2-503, 2-505 
enabling  timer  to  recover  from  error  state  2-107 
forward-delay  time  2-510 
length  of  listening  and  learning  states  2-510 
shutting  down  Port  Fast-enabled  ports  2-503 
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STP  (continued) 

state  information  display  2-430 

VLAN  options    2-498, 2-510 
Switched  Port  Analyzer 

See  SPAN 
switchport  access  command  2-524 
switchport  backup  interface  command  2-526 
switchport  block  command  2-528 
switchport  host  command  2-529 
switchport  mode  command  2-530 
switchport  nonegotiate  command  2-532 
switchport  port-security  aging  command  2-539 
switchport  port-security  command  2-534 
switchport  priority  extend  command  2-541 
switchport  protected  command  2-543 
switchports,  displaying  2-341 
switchport  trunk  command  2-544 
switchport  voice  vlan  command  2-547 
system  env  temperature  threshold  yellow  command  2-549 
system  message  logging,  save  message  to  flash  2-167 
system  mtu  command  2-551 


T 

tar  files,  creating,  listing,  and  extracting  2-11 
TDR,  running  2-553 

Telnet,  using  to  communicate  to  cluster  switches  2-268 

temperature  information,  displaying  2-326 

test  cable-diagnostics  tdr  command  2-553 

traceroute  mac  command  2-554 

traceroute  mac  ip  command  2-557 

trunking,  VLAN  mode  2-530 

trunk  mode  2-530 

trunk  ports  2-530 

trunks,  to  non-DTP  device  2-531 

trusted  boundary  for  QoS  2-231 

trusted  port  states  for  QoS  2-231 

type  (boot  loader)  command  A-23 


u 

UDLD 

aggressive  mode  2-561,2-563 

debug  messages,  display  B-73 

enable  globally  2-561 

enable  per  interface  2-563 

error  recovery  timer  2-107 

message  timer  2-561 

normal  mode    2-561, 2-563 

reset  a  shutdown  interface  2-565 

status  2-439 
udld  command  2-561 
udld  port  command  2-563 
udld  reset  command  2-565 
unicast  storm  control  2-521 
UniDirectional  Link  Detection 

See  UDLD 

unknown  multicast  traffic,  preventing  2-528 
unknown  unicast  traffic,  preventing  2-528 
unset  (boot  loader)  command  A-24 
upgrading 

software  images  2-8 
monitoring  status  of  2-288 
upgrading  information 

See  release  notes 
UplinkFast,  for  STP  2-508 
user  EXEC  mode  1-2,1-3 

V 

version  (boot  loader)  command  A-26 
VLAN 

enabling  guest  VLAN  supplicant    2-75, 2-85 
vlan  (global  configuration)  command  2-566 
vlan  (VLAN  configuration)  command  2-571 
vlan  access-map  command  2-577 
VLAN  access  map  configuration  mode  2-577 
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VLAN  access  maps 

actions  2-6 

displaying  2-448 
VLAN-based  QoS  2-233 
VLAN  configuration 

rules    2-569, 2-573 

saving    2-566, 2-575 
VLAN  configuration  mode 

commands 
VLAN  2-571 
VTP  2-593 

description  1-5 

entering  2-579 

summary  1-2 
vlan  database  command  2-579 
vlan  filter  command  2-582 
VLAN  filters,  displaying  2-449 
VLAN  ID  range    2-566, 2-571 
VLAN  maps 

applying  2-582 

creating  2-577 

defining  2-191 

displaying  2-448 
VLAN  Query  Protocol 

See  VQP 
VLANs 

adding  2-566 

configuring    2-566, 2-571 

debug  messages,  display 
ISL  B-70 

VLAN  IOS  file  system  error  tests  B-69 

VLAN  manager  activity  B-67 

VTP  B-71 
displaying  configurations  2-444 
enabling  guest  VLAN  supplicant  2-112 
extended-range  2-566 
MAC  addresses 

displaying  2-395 

number  of  2-383 


MAC  addresses  (continued) 

media  types    2-568, 2-573 

normal-range    2-566, 2-571 

restarting  2-458 

saving  the  configuration  2-566 

shutting  down  2-458 

SNMP  traps  for  VTP    2-460, 2-463 

suspending  2-458 

variables  2-571 
VLAN  Trunking  Protocol 

See  VTP 
VMPS 

configuring  servers  2-587 

displaying  2-450 

error  recovery  timer  2-107 

reconfirming  dynamic  VLAN  assignments  2-584 
vmps  reconfirm  (global  configuration)  command  2-585 
vmps  reconfirm  (privileged  EXEC)  command  2-584 
vmps  retry  command  2-586 
vmps  server  command  2-587 
voice  VLAN 

configuring  2-547 

setting  port  priority  2-541 
VQP 

and  dynamic-access  ports  2-524 
clearing  client  statistics  2-49 
displaying  information  2-450 
per-server  retry  count  2-586 
reconfirmation  interval  2-585 
reconfirming  dynamic  VLAN  assignments  2-584 
VTP 

changing  characteristics  2-589 
clearing  pruning  counters  2-50 
configuring 

domain  name    2-589, 2-593 

file  name  2-589 

mode    2-589, 2-593 

password    2-589, 2-593 
counters  display  fields  2-454 
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VTP  (continued) 
displaying  information  2-453 
enabling 

pruning    2-589, 2-593 

Version  2    2-589, 2-593 
mode    2-589, 2-593 
pruning    2-589, 2-593 
saving  the  configuration    2-566, 2-575 
statistics  2-453 
status  2-453 

status  display  fields  2-455 
vtp  (global  configuration)  command  2-589 
vtp  (VLAN  configuration)  command  2-593 
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